-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tools: use long format for gpg fingerprint #9258
Conversation
Git has been using my Long format fingerprint in the tagging messages, this has been causing the release script to fail on my keys. It would also be wise to be using the long format on keys based on some attacks that hack been found in the while around short keys.
Are you sure this is fixing what you think it is? What is the failure message you're getting.
|
@rvagg without this commit I was unable to get the tool to work. The key that was being compared was using the short format, but the signed commit had the long version. With this commit everything was working as expected /cc @jbergstroem who was working with me when I dealt with the problems |
I don't have much to add other than finding out that they key that was used to sign was in the long format. In general, its always safer to use the long format. |
ok, odd, but since we control the README format then this lgtm |
/cc @nodejs/build can I get some more thumbs up on this please |
Git has been using my Long format fingerprint in the tagging messages, this has been causing the release script to fail on my keys. It would also be wise to be using the long format on keys based on some attacks that hack been found in the wild around short keys. PR-URL: nodejs#9258 Reviewed-By: Johan Bergström <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
landed in b315e24 |
Git has been using my Long format fingerprint in the tagging messages, this has been causing the release script to fail on my keys. It would also be wise to be using the long format on keys based on some attacks that hack been found in the wild around short keys. PR-URL: #9258 Reviewed-By: Johan Bergström <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
Git has been using my Long format fingerprint in the tagging messages, this has been causing the release script to fail on my keys. It would also be wise to be using the long format on keys based on some attacks that hack been found in the wild around short keys. PR-URL: #9258 Reviewed-By: Johan Bergström <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
Git has been using my Long format fingerprint in the tagging messages, this has been causing the release script to fail on my keys. It would also be wise to be using the long format on keys based on some attacks that hack been found in the wild around short keys. PR-URL: #9258 Reviewed-By: Johan Bergström <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
Git has been using my Long format fingerprint in the tagging messages, this has been causing the release script to fail on my keys. It would also be wise to be using the long format on keys based on some attacks that hack been found in the wild around short keys. PR-URL: #9258 Reviewed-By: Johan Bergström <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
Checklist
Affected core subsystem(s)
tools
Description of change
Git has been using my Long format fingerprint in the tagging messages,
this has been causing the release script to fail on my keys.
It would also be wise to be using the long format on keys based on some
attacks that hack been found in the while around short keys.
@nodejs/release can you test that this works on your machine? You should be able to run it on a release you have signed with the following command
./tools/release.sh -s v6.9.1
This should take you through the entire signing process, and you can then opt not to upload