doc: use git-secure-tag for release tags

`git-secure-tag` recursively constructs an SHA-512 digest out of the git tree, and puts the hash from the tree's root into the tag annotation. This hash provides better integrity guarantees than the default SHA-1 merkle tree that git uses. Fix: #7579 PR-URL: #7603 Reviewed-By: Rod Vagg <rod@vagg.org> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com>
nodejs · Sep 28, 2016 · 23989b0 · 23989b0
1 parent 796556a
commit 23989b0
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/doc/releases.md b/doc/releases.md
@@ -189,10 +189,16 @@ Once you have produced builds that you're happy with, create a new tag. By waiti
 
 Tag summaries have a predictable format, look at a recent tag to see, `git tag -v v6.0.0`. The message should look something like `2016-04-26 Node.js v6.0.0 (Current) Release`.
 
-Create a tag using the following command:
+Install `git-secure-tag` npm module:
 
+```console
+$ npm install -g git-secure-tag
 ```
-$ git tag <vx.y.z> <commit-sha> -sm 'YYYY-MM-DD Node.js vx.y.z (Release Type) Release'
+
+Create a tag using the following command:
+
+```sh
+$ git secure-tag <vx.y.z> <commit-sha> -sm 'YYYY-MM-DD Node.js vx.y.z (Release Type) Release'
 ```
 
 The tag **must** be signed using the GPG key that's listed for you on the project README.