Differences between revisions 5 and 6
Revision 5 as of 2015-05-29 18:36:47
Size: 1446
Revision 6 as of 2015-05-29 18:38:11
Size: 1447
Line 1: Line 1:
= Why should I create signed releases = = Why should I create signed releases? =

Why should I create signed releases?

It is a good idea to create releases on GitHub: it makes packaging work much easier and also gives your users an easy-to-use mechanism for getting a specific version of your software.

It is an even better idea to additionally sign your releases using your GPG key. This way, your users can verify that they actually received the same tarball you released.

Creating signed releases on GitHub

1. Create a new tag in your git repo:

git tag v0.4
git push --tags

2. Go to your GitHub project and click on the "Releases" link.

3. Click on "Draft a new release", fill out the tag, title and description fields and click on "Publish release".

4. Go back to your "Releases" section and download the ".tar.gz" automatically generated by GitHub.

5. If you do not have a GPG key yet, create one as described here and make sure it is uploaded to a public keyserver.

6. Sign the tarball using:

gpg --armor --detach-sign mysoftware-0.4.tar.gz

This should produce a file called "mysoftware-0.4.tar.gz.asc".

7. Edit your release again and attach the "mysoftware-0.4.tar.gz.asc" as a binary to the release.

You have successfully created a signed release on GitHub :)
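The user's side of this procedure, as an added example that is not part of the original page: it signs a constructed tarball with the command from step 6, then verifies it and rejects a modified copy. It goes one step beyond the page by also comparing the signer's fingerprint with one the user obtained out of band, since a key fetched from a public keyserver does not by itself prove who owns it. The function names verify_release and setup_demo, the throwaway key and the tarball contents are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example; key, tarball and function names are constructed for the demo.

# verify_release TARBALL SIGNATURE PINNED_FINGERPRINT
# Succeeds only if the detached signature is valid for TARBALL and was made
# by the key whose primary fingerprint matches PINNED_FINGERPRINT.
verify_release() {
    status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || return 1
    # On a VALIDSIG status line the last field is the primary key fingerprint.
    signer=$(printf '%s\n' "$status" | awk '$2 == "VALIDSIG" { print $NF }')
    [ -n "$signer" ] && [ "$signer" = "$3" ]
}

# setup_demo: throwaway keyring, key, tarball and signature in a temp directory.
setup_demo() {
    DEMO_DIR=$(mktemp -d) && cd "$DEMO_DIR" || return 1
    GNUPGHOME="$DEMO_DIR/gnupg"; export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME" || return 1
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo Maintainer <demo@example.invalid>' \
        default default never 2>/dev/null || return 1
    DEMO_FPR=$(gpg --batch --with-colons --list-keys |
        awk -F: '$1 == "fpr" { print $10; exit }')
    echo 'constructed release content' > README
    tar -czf mysoftware-0.4.tar.gz README
    # The command from step 6; writes mysoftware-0.4.tar.gz.asc
    gpg --batch --armor --detach-sign mysoftware-0.4.tar.gz
}

if command -v gpg >/dev/null 2>&1 && setup_demo; then
    verify_release mysoftware-0.4.tar.gz mysoftware-0.4.tar.gz.asc "$DEMO_FPR" \
        && echo 'OK: signature valid and made by the pinned key'
    echo 'tampered' >> mysoftware-0.4.tar.gz    # simulate a modified download
    verify_release mysoftware-0.4.tar.gz mysoftware-0.4.tar.gz.asc "$DEMO_FPR" \
        || echo 'REJECTED: tarball does not match the signature'
    gpgconf --kill gpg-agent                    # stop the demo keyring's agent
fi
```

For a real release, the user imports the maintainer's public key first and passes the fingerprint the maintainer published through a separate channel as the third argument.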
