Maybe I'm just talking to an attacker (GitHub) presenting me an unsigned repo, so this issue is a waste of time, but in case I'm not, please sign tags.
$ git verify-tag v0.4-beta
error: v0.4-beta: cannot verify a non-tag object of type commit.
Heh, I was just about to open this issue myself. :) Definitely needs to be fixed.
The latest release includes a signed tag:
⛰ git verify-tag v0.4.1-beta
gpg: Signature made Mon Apr 2 17:10:37 2018 PDT
gpg: using RSA key 964EA263DD637C21
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
> Maybe I'm just talking to an attacker (GitHub) presenting me an unsigned repo
All commits by major contributors are also signed.
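
The `cannot verify a non-tag object of type commit` error in the first post means the tag is a lightweight ref pointing straight at a commit, so there is no tag object to carry a signature. The script below is an added example, not code from this thread or from the project: the function names `tag_status` and `make_demo_repo`, the status labels, and the demo tag names are all constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a tag before trusting a release checkout.
# Status labels are this example's own, not git output.

tag_status() {
    # $1 = repository path, $2 = tag name
    repo=$1; tag=$2
    objtype=$(git -C "$repo" cat-file -t "refs/tags/$tag" 2>/dev/null) \
        || { echo missing; return; }
    if [ "$objtype" != "tag" ]; then
        # The ref points directly at a commit: this is the case where
        # `git verify-tag` reports "cannot verify a non-tag object".
        echo lightweight; return
    fi
    # An annotated tag may still carry no signature block at all.
    if ! git -C "$repo" cat-file tag "refs/tags/$tag" \
        | grep -Eq -- '^-----BEGIN (PGP SIGNATURE|SSH SIGNATURE|SIGNED MESSAGE)-----'; then
        echo annotated-unsigned; return
    fi
    # A signature is present; it only counts if it verifies against
    # a key the local keyring (or allowed signers file) knows.
    if git -C "$repo" verify-tag "$tag" >/dev/null 2>&1; then
        echo signed-verified
    else
        echo signed-unverified
    fi
}

demo_git() {
    # Fixed identity, signing disabled, so the demo is reproducible.
    git -C "$dir" -c user.name=demo -c user.email=demo@example.invalid \
        -c commit.gpgSign=false -c tag.gpgSign=false "$@"
}

make_demo_repo() {
    # Constructed sample repo: one lightweight tag, one unsigned annotated tag.
    dir=$(mktemp -d) || return 1
    git init -q "$dir" >/dev/null 2>&1
    demo_git commit -q --allow-empty -m init >/dev/null 2>&1
    demo_git tag v0.1-light
    demo_git tag -a -m 'annotated, unsigned' v0.2-annotated
    echo "$dir"
}

demo=$(make_demo_repo)
for t in v0.1-light v0.2-annotated; do
    printf '%s: %s\n' "$t" "$(tag_status "$demo" "$t")"
done
rm -rf "$demo"
```

Only `signed-verified` says anything about who made the tag, and only relative to the keys you already trust locally.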