From bf33d2f83aac1bb30006f764fa9afca92d022a6f Mon Sep 17 00:00:00 2001 From: Fedor Indutny Date: Fri, 22 Jul 2016 21:40:27 -0400 Subject: [PATCH] doc: use `git-secure-tag` for release tags `git-secure-tag` recursively constructs an SHA-512 digest out of the git tree, and puts the hash from the tree's root into the tag annotation. This hash provides better integrity guarantees than the default SHA-1 merkle tree that git uses. Fix: #7579 PR-URL: https://github.com/nodejs/node/pull/7603 Reviewed-By: Rod Vagg Reviewed-By: James M Snell Reviewed-By: Evan Lucas --- doc/releases.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/doc/releases.md b/doc/releases.md index b7e00683693027..f8723d4f831c80 100644 --- a/doc/releases.md +++ b/doc/releases.md @@ -189,10 +189,16 @@ Once you have produced builds that you're happy with, create a new tag. By waiti Tag summaries have a predictable format, look at a recent tag to see, `git tag -v v6.0.0`. The message should look something like `2016-04-26 Node.js v6.0.0 (Current) Release`. -Create a tag using the following command: +Install `git-secure-tag` npm module: +```console +$ npm install -g git-secure-tag ``` -$ git tag -sm 'YYYY-MM-DD Node.js vx.y.z (Release Type) Release' + +Create a tag using the following command: + +```sh +$ git secure-tag -sm 'YYYY-MM-DD Node.js vx.y.z (Release Type) Release' ``` The tag **must** be signed using the GPG key that's listed for you on the project README.