[Swan-dev] git tagging best practices

Paul Wouters paul at nohats.ca
Wed Jun 12 14:45:59 UTC 2019

On Tue, 19 Mar 2019, Daniel Kahn Gillmor wrote:

> Subject: [Swan-dev] git tagging best practices

I missed this message before, so I didn't do this for the 3.29 release
either, but:

> In particular, i note that every modern libreswan tag is
> cryptographically signed, and its tag message contains not only the
> version number but also a list of relevant changes in the release.
> I have two suggestions for improvements to future git tag messages:
> a) (nit-pick) please include a blank line between the initial
>    version/date line and the rest of the message.

I'll try and remember, and somehow add that to our process. Currently,
we just pick up the first section of the CHANGES file which has that

> b) please include the work "Libreswan" in the "subject" line of the tag
>    message.  So rather than "v3.28 (June 03, 2019)", the subject line
>    would be "Libreswan v3.28 (June 03, 2019)" (btw, i'm not trying to
>    set a timeline for the release of v3.28, just using an imaginary
>    future release to avoid implying that i think you need to
>    retroactively change already-existing tags, which i'm not asking you
>    to do)

These tags should really be done with the team at libreswan.org key and not
mine. Confusion here happens because I cannot seem to select a prefered
email/key within the git tree, or outside in ~/.gitconfig to only match
certain git repositories.

> I'm asking this of libreswan because what i really want is an exemplar
> that i can point other projects to and say "do it like they do".  And i
> also want to encourage downstream verifying tools to build sensible
> automated new release verification steps, and being able to point to a
> project and say "this tool should at least be able to verify a new
> Libreswan release isn't just a maliciously-renamed tag from some other
> git repository".

Sure :)

> let me know if i can help make this change happen for future releases!
> i couldn't find any script for generating the tag in the libreswan repo,
> but maybe i wasn't looking in the right place.

No script, all human. If you're at IETF 105, let's talk there.


More information about the Swan-dev mailing list