https://pantsbuild.org/ logo
h

hundreds-father-404

03/31/2022, 8:43 PM
Huh, anyone know about git signing and how I messed up pex release? https://github.com/pantsbuild/pex/issues/1701 I followed RELEASE.rst and used pgp key i use for github & pants pypi releases
Captura de Pantalla 2022-03-31 a la(s) 1.44.39 p. m..png
w

witty-crayon-22786

03/31/2022, 8:50 PM
relative to the other releases, it looks like maybe the tag isn’t signed?
can you recreate the tag as signed maybe?
h

hundreds-father-404

03/31/2022, 8:51 PM
i ran
git tag --sign -am 'Release 2.1.29' v2.1.29
, weird
why do we use -a?
Copy code
-a, --annotate
           Make an unsigned, annotated tag object
w

witty-crayon-22786

03/31/2022, 8:54 PM
…hm. yea, that’s sus
h

hundreds-father-404

03/31/2022, 8:55 PM
i gtg but will try to redo this once i figure out how to edit a tag
and the implications of that?
im gonna be out tomorrow if anyone else is able to look into this. cc @happy-kitchen-89482 @bitter-ability-32190. otherwise will look monday
b

bitter-ability-32190

04/01/2022, 12:53 AM
I'm out tomorrow (and most of the weekend) as well
👍 1
w

witty-crayon-22786

04/01/2022, 1:07 AM
Have good weekends all!
❤️ 2
h

hundreds-father-404

04/01/2022, 9:41 PM
cc @enough-analyst-54434 is the
-a
still correct?
re your question on TTY env var, i had to set that to get the password prompt to sign w/ my pgp key. same prompt i use for pants releases. so i dont think thats the culprit
w

witty-crayon-22786

04/01/2022, 9:48 PM
h

hundreds-father-404

04/04/2022, 9:58 PM
❤️ 1
e

enough-analyst-54434

04/04/2022, 10:36 PM
A bit more to do there, but this might be something we should require all Pants releasers to set up. Working on an Apache project was good for getting you thinking about the OSS ecosystem, GitHub not so much. Maybe we can even have a key signing party! I'm still not linked into the web of trust. Maybe one of us knows someone?
👀 1
💯 1
h

hundreds-father-404

04/04/2022, 10:37 PM
That would be great! Our pants release docs only mention PGP keys with github. And github docs do not mention publishing your key anywhere. So I might not be the only one with this issue