[policy, no patch] Should core use gpg-signed git annotated tags

Created on 21 March 2023, over 1 year ago

This is a followup to 📌 Define conventions around drupal core git interaction Closed: outdated . In that issue, marvil07 suggest that Drupal use gpg-signed git annotated tags.

From the Issue Summary of the other issue:

Git provides two types of tags: simple and annotated, the last one can also be gpg-signed.

Currently we are using simple tags.
Annotated gpg-signed tags are usually the recommended for real release tags, mainly for verification.

Should we start using gpg-signed annotated tags?

Discuss and decide if annotated tags should be used.

🌱 Plan

Status

Active

Version

10.1 ✨

Component

Other →

Last updated about 14 hours ago

Created by

🇳🇿New Zealand quietone

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @quietone
Comment over 1 year ago →
cilefen
And also commits… Gitlab can be configured to reject unsigned artifacts.

Production build 0.71.5 2024