On Tue, 19 Mar 2019, Daniel Kahn Gillmor wrote:
Subject: [Swan-dev] git tagging best practices
I missed this message before, so I didn't do this for the 3.29 release either, but:
In particular, i note that every modern libreswan tag is cryptographically signed, and its tag message contains not only the version number but also a list of relevant changes in the release. I have two suggestions for improvements to future git tag messages: a) (nit-pick) please include a blank line between the initial version/date line and the rest of the message.
I'll try and remember, and somehow add that to our process. Currently, we just pick up the first section of the CHANGES file which has that structure.
b) please include the work "Libreswan" in the "subject" line of the tag message. So rather than "v3.28 (June 03, 2019)", the subject line would be "Libreswan v3.28 (June 03, 2019)" (btw, i'm not trying to set a timeline for the release of v3.28, just using an imaginary future release to avoid implying that i think you need to retroactively change already-existing tags, which i'm not asking you to do)
These tags should really be done with the [email protected] key and not mine. Confusion here happens because I cannot seem to select a prefered email/key within the git tree, or outside in ~/.gitconfig to only match certain git repositories.
I'm asking this of libreswan because what i really want is an exemplar that i can point other projects to and say "do it like they do". And i also want to encourage downstream verifying tools to build sensible automated new release verification steps, and being able to point to a project and say "this tool should at least be able to verify a new Libreswan release isn't just a maliciously-renamed tag from some other git repository".
Sure :)
let me know if i can help make this change happen for future releases! i couldn't find any script for generating the tag in the libreswan repo, but maybe i wasn't looking in the right place.
No script, all human. If you're at IETF 105, let's talk there. Paul _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
