Skip to content

Commit

Permalink
doc: use git-secure-tag for release tags
Browse files Browse the repository at this point in the history
`git-secure-tag` recursively constructs an SHA-512 digest out of the
git tree, and puts the hash from the tree's root into the tag
annotation. This hash provides better integrity guarantees than the
default SHA-1 merkle tree that git uses.

Fix: #7579
PR-URL: #7603
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
  • Loading branch information
indutny committed Aug 5, 2016
1 parent e3e3588 commit 0f3f76c
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion doc/releases.md
Original file line number Diff line number Diff line change
Expand Up @@ -216,10 +216,16 @@ Once you have produced builds that you're happy with, create a new tag. By waiti

Tag summaries have a predictable format, look at a recent tag to see, `git tag -v v6.0.0`. The message should look something like `2016-04-26 Node.js v6.0.0 (Current) Release`.

Install `git-secure-tag` npm module:

```console
$ npm install -g git-secure-tag
```

Create a tag using the following command:

```sh
$ git tag <vx.y.z> <commit-sha> -sm 'YYYY-MM-DD Node.js vx.y.z (Release Type) Release'
$ git secure-tag <vx.y.z> <commit-sha> -sm 'YYYY-MM-DD Node.js vx.y.z (Release Type) Release'
```

The tag **must** be signed using the GPG key that's listed for you on the project README.
Expand Down

0 comments on commit 0f3f76c

Please sign in to comment.