Limiting who can create v${NUMBER}.${NUMBER}.${NUMBER} tags in KDE Applications git repos

Ben Cooksley bcooksley at
Mon Jun 25 08:33:39 UTC 2018

On Mon, Jun 25, 2018 at 6:57 PM, Rolf Eike Beer
<kde at> wrote:
> Am 2018-06-24 22:56, schrieb Albert Astals Cid:
>> Hi, would anyone be against limiting who can create
>> i.e. tags that look like our release tags to members of the release team
>> for
>> the KDE Applications git repositories?
>> Rationale: Some distros build from git tags so creating a "release looking
>> tag" is for them like "using the release tarball" and we already limit who
>> can
>> upload release tarballs to the so it would be a similar
>> restriction but for the git side.
> This sounds sane to me. Simply require those tags to be signed by
> $key_in_known_good_list.

Given the recent security issues surrounding interaction with GPG done
by external programs, I would rather not perform key verification.

> Eike


More information about the release-team mailing list