Hello all. Yesterday between roughly 1pm - 2:30pm UTC `git fetch` on core was failing with the exact error being 1.43.0-rc.0 -> 1.43.0-rc.0 (would clobber existing tag) for both 1.43.0-rc.0 and 1.43.0 tags.
This error was because I recreated the 2 tags i.e. the original tags deleted and new ones with the exact names pointing to the exact commits created. The reason for the update was to add missing GPG signature. Tags are never meant to update (hence why fetching updated tags will by default reject the tags unless you fetch with --force or do a local git tag -d) The prompt for doing it now, was creation of a tarball diff for 1.43.0-rc.0, and that process led to a "tag not signed error", thus realizing it hasn't been signed. We fixed this error <https://phabricator.wikimedia.org/T400729>by restoring the original tags. Some ideas we have discussed going forward to prevent this is in addition to having the documented requirement in the Release Checklist <https://www.mediawiki.org/wiki/Release_checklist> for signed artefacts, enforce the same from the artefacts scripts creation level. Cheers.
_______________________________________________ Wikitech-l mailing list -- wikitech-l@lists.wikimedia.org To unsubscribe send an email to wikitech-l-le...@lists.wikimedia.org https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
