You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I was wondering what the difference between our Signed-Tags and Signed-Releases check is. According to our README Signed-Tags tests if - the project cryptographically signs release tags?. 2 questions then:
Our current implementation tests if all tags are signed and not just release tags. Is that a mistake?
If we are concerned only with release tags, should we consider merging Signed-Tags and Signed-Releases checks into one?
Signed Tags are Git Tags that are supposed to be signed. Not every tag would end up in releases.
Signed releases are when the releases are cryptographically signed.
I was wondering what the difference between our Signed-Tags and Signed-Releases check is. According to our README Signed-Tags tests if - the project cryptographically signs release tags?. 2 questions then:
Our current implementation tests if all tags are signed and not just release tags. Is that a mistake?
It is not. Not all git tags end up with releases, it is based on the project's release criteria.
Signed tags are for all git tags
Signed releases for not for tags but for the actual release.
Makes sense. Although how is testing all Git tags useful to users? IIUC, if these Git tags aren't used in releases, users would never see/use these tags?
I was wondering what the difference between our
Signed-Tags
andSigned-Releases
check is. According to our READMESigned-Tags
tests if -the project cryptographically signs release tags?
. 2 questions then:Signed-Tags
andSigned-Releases
checks into one?@inferno-chromium @oliverchang @laurentsimon @naveensrinivasan thoughts?
The text was updated successfully, but these errors were encountered: