[RCD] signing release tags?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Oct 10 00:00:21 CEST 2012


hi folks--

Thank you very much for your work on roundcube, and for your transition
From svn to git.  very nice!

I note that tag v0.8.2 isn't signed by any OpenPGP key.  If you could
sign the release tags with a well-known OpenPGP key, that would be
great.  In particular, it would make it possible for people to verify
that what they're fetching from git is actually the data intended by the
developers.

I'd be happy to help you tag signing sorted out, if you're not used
doing this with OpenPGP (i don't see any @roundcube.net user IDs on the
public keyservers yet).

What do you think?

Regards,

        --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 965 bytes
Desc: not available
URL: <http://lists.roundcube.net/pipermail/dev/attachments/20121009/75b81483/attachment.sig>


More information about the dev mailing list