# development
h
Huh, anyone know about git signing and how I messed up pex release? https://github.com/pantsbuild/pex/issues/1701 I followed RELEASE.rst and used pgp key i use for github & pants pypi releases
w
relative to the other releases, it looks like maybe the tag isn’t signed?
can you recreate the tag as signed maybe?
h
i ran git tag --sign -am 'Release 2.1.29' v2.1.29, weird
why do we use -a?
-a, --annotate
           Make an unsigned, annotated tag object
w
…hm. yea, that’s sus
h
i gtg but will try to redo this once i figure out how to edit a tag
and the implications of that?
i'm gonna be out tomorrow if anyone else is able to look into this. cc @happy-kitchen-89482 @bitter-ability-32190. otherwise will look monday
b
I'm out tomorrow (and most of the weekend) as well
👍 1
w
Have good weekends all!
❤️ 2
h
cc @enough-analyst-54434 is the -a still correct?
re your question on TTY env var, i had to set that to get the password prompt to sign w/ my pgp key. same prompt i use for pants releases. so i don't think that's the culprit
w
h
❤️ 1
e
A bit more to do there, but this might be something we should require all Pants releasers to set up. Working on an Apache project was good for getting you thinking about the OSS ecosystem, GitHub not so much. Maybe we can even have a key signing party! I'm still not linked into the web of trust. Maybe one of us knows someone?
👀 1
💯 1
h
That would be great! Our pants release docs only mention PGP keys with github. And github docs do not mention publishing your key anywhere. So I might not be the only one with this issue