Am 2018-06-24 22:56, schrieb Albert Astals Cid:
Hi, would anyone be against limiting who can create
v${NUMBER}.${NUMBER}.${NUMBER}
i.e. tags that look like our release tags to members of the release
team for
the KDE Applications git repositories?
Rationale: Some distros build from git tags so creating a "release
looking
tag" is for them like "using the release tarball" and we already limit
who can
upload release tarballs to the download.kde.org so it would be a
similar
restriction but for the git side.
This sounds sane to me. Simply require those tags to be signed by
$key_in_known_good_list.
Eike
