Signing releases
22 views
Skip to first unread message
Wouter J
Apr 7, 2016, 4:52:31 AM4/7/16
to symfony-cmf-devs
Github now shows whether tags are signed (and these signs are verified). I think
we should start signing our releases, to give some security to our users.
The drawback of signing releases is that we can no longer use the GitHub GUI,
we have to tag things locally (which is pretty simple btw, just adding -s when
executing git tag). However, I think this should not be that much of a problem
and it would prevent creating tags for wrong branches.
It also means we have to be carefull when releasing, as it means the releaser/
signer is responsible for the changes introduced by that tag. However, given
that we somewhat decided to make the bundles more seperate (with their
own main maintainer/owner), I think adding this responsibility is good.
I would like to know what you think about this.
David Buchmann
Apr 7, 2016, 10:01:16 AM4/7/16
to symfony-...@googlegroups.com
+1
so do we create a wiki page where we track official maintainers for each
package in the symfony-cmf organization?
> --
> You received this message because you are subscribed to the Google
> Groups "symfony-cmf-devs" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to symfony-cmf-de...@googlegroups.com
> <mailto:symfony-cmf-de...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.
--
Liip AG // Agile Web Development // T +41 43 500 39 80
CH-8005 Zurich // PGP 0xA581808B // www.liip.ch
so do we create a wiki page where we track official maintainers for each
package in the symfony-cmf organization?
> You received this message because you are subscribed to the Google
> Groups "symfony-cmf-devs" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to symfony-cmf-de...@googlegroups.com
> <mailto:symfony-cmf-de...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.
--
Liip AG // Agile Web Development // T +41 43 500 39 80
CH-8005 Zurich // PGP 0xA581808B // www.liip.ch
gmx Privat
Apr 7, 2016, 10:18:33 AM4/7/16
to symfony-...@googlegroups.com
Can we add a little howto into the Wiki for doing signed releases right. I peronally like tagging by github, cause i really forget everytime when to use -a on tagging and when not.
Wouter de Jong
Apr 7, 2016, 10:42:45 AM4/7/16
to Daniel Leech
When signing a tag, you don't need -a, but -s instead: https://git-scm.com/book/uz/v2/Git-Tools-Signing-Your-Work#Signing-Tags
E.g: git tag -a 1.4.0-RC1
2016-04-07 16:18 GMT+02:00 gmx Privat <maximilia...@gmx.de>:
Can we add a little howto into the Wiki for doing signed releases right. I peronally like tagging by github, cause i really forget everytime when to use -a on tagging and when not.
--
You received this message because you are subscribed to the Google Groups "symfony-cmf-devs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to symfony-cmf-de...@googlegroups.com.
Wouter de Jong
Apr 7, 2016, 10:47:27 AM4/7/16
to Daniel Leech
Btw, afaik we used to have a wiki article showing the bundles and the
responsible maintainer, but I can't find it anymore. Unless someone finds
it, I'll create a new wiki page this weekend.
David Buchmann
Apr 7, 2016, 11:44:05 AM4/7/16
to symfony-...@googlegroups.com
> Btw, afaik we used to have a wiki article showing the bundles and the
> responsible maintainer, but I can't find it anymore. Unless someone finds
> it, I'll create a new wiki page this weekend.
i can't find that page either. i think we probably had that for the 1.3
> responsible maintainer, but I can't find it anymore. Unless someone finds
> it, I'll create a new wiki page this weekend.
(or 1.2) release at some point, but cleaned it up as it was only about
who leads finalization of the bundles. i think we also had some names in
the mail thread about which bundles we can maintain but i can't seem to
find that either right now.
glad if you can create a new wiki page. if you find the thread and it
has name, we can maybe already pre fill some names.
Wouter de Jong
Apr 8, 2016, 4:33:26 AM4/8/16
to Daniel Leech
I've created https://github.com/symfony-cmf/symfony-cmf/wiki/CMF-Packages and
put my name on some packages already.
Daniel Leech
Apr 8, 2016, 4:43:46 AM4/8/16
to symfony-...@googlegroups.com
I have taken RoutingAuto and RoutingAutoBundle, would also consider
taking SlugifierApi.
On Fri, Apr 08, 2016 at 10:33:25AM +0200, Wouter de Jong wrote:
> I've
> created [1]https://github.com/symfony-cmf/symfony-cmf/wiki/CMF-Packages
> For more options, visit [4]https://groups.google.com/d/optout.
> For more options, visit [6]https://groups.google.com/d/optout.
>
> References
>
> Visible links
> 1. https://github.com/symfony-cmf/symfony-cmf/wiki/CMF-Packages
> 2. mailto:da...@liip.ch
> 3. mailto:symfony-cmf-devs%2Bunsu...@googlegroups.com
> 4. https://groups.google.com/d/optout
> 5. mailto:symfony-cmf-de...@googlegroups.com
> 6. https://groups.google.com/d/optout
taking SlugifierApi.
On Fri, Apr 08, 2016 at 10:33:25AM +0200, Wouter de Jong wrote:
> I've
> created [1]https://github.com/symfony-cmf/symfony-cmf/wiki/CMF-Packages
> and
> put my name on some packages already.
> put my name on some packages already.
> 2016-04-07 17:43 GMT+02:00 David Buchmann <[2]da...@liip.ch>:
>
> > Btw, afaik we used to have a wiki article showing the bundles and the
> > responsible maintainer, but I can't find it anymore. Unless someone
> finds
> > it, I'll create a new wiki page this weekend.
>
> i can't find that page either. i think we probably had that for the 1.3
> (or 1.2) release at some point, but cleaned it up as it was only about
> who leads finalization of the bundles. i think we also had some names in
> the mail thread about which bundles we can maintain but i can't seem to
> find that either right now.
>
> glad if you can create a new wiki page. if you find the thread and it
> has name, we can maybe already pre fill some names.
> --
> You received this message because you are subscribed to the Google
> Groups "symfony-cmf-devs" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to [3]symfony-cmf-de...@googlegroups.com.
>
> > Btw, afaik we used to have a wiki article showing the bundles and the
> > responsible maintainer, but I can't find it anymore. Unless someone
> finds
> > it, I'll create a new wiki page this weekend.
>
> i can't find that page either. i think we probably had that for the 1.3
> (or 1.2) release at some point, but cleaned it up as it was only about
> who leads finalization of the bundles. i think we also had some names in
> the mail thread about which bundles we can maintain but i can't seem to
> find that either right now.
>
> glad if you can create a new wiki page. if you find the thread and it
> has name, we can maybe already pre fill some names.
> --
> You received this message because you are subscribed to the Google
> Groups "symfony-cmf-devs" group.
> To unsubscribe from this group and stop receiving emails from it, send
> For more options, visit [4]https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "symfony-cmf-devs" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [5]symfony-cmf-de...@googlegroups.com.
> --
> You received this message because you are subscribed to the Google Groups
> "symfony-cmf-devs" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> For more options, visit [6]https://groups.google.com/d/optout.
>
> References
>
> Visible links
> 1. https://github.com/symfony-cmf/symfony-cmf/wiki/CMF-Packages
> 2. mailto:da...@liip.ch
> 3. mailto:symfony-cmf-devs%2Bunsu...@googlegroups.com
> 4. https://groups.google.com/d/optout
> 5. mailto:symfony-cmf-de...@googlegroups.com
> 6. https://groups.google.com/d/optout
gmx Privat
Apr 8, 2016, 5:55:52 AM4/8/16
to symfony-...@googlegroups.com
I will take Seo and and all REST/Resources related stuff. Will put my Name on it, when i am back on Sunday.
David Buchmann
Apr 8, 2016, 6:02:08 AM4/8/16
to symfony-...@googlegroups.com
thanks a lot for the list!
i added myself for routing and the core bundle.
could we drop the block bundle? i am not sure if its used all that much.
and with the integration in sonata block bundle its quite complicated to
use.
or is it required in sonata admin?
On 08.04.2016 10:33, Wouter de Jong wrote:
> I've
> created https://github.com/symfony-cmf/symfony-cmf/wiki/CMF-Packages and
> put my name on some packages already.
>
> 2016-04-07 17:43 GMT+02:00 David Buchmann <da...@liip.ch
> <mailto:da...@liip.ch>>:
i added myself for routing and the core bundle.
could we drop the block bundle? i am not sure if its used all that much.
and with the integration in sonata block bundle its quite complicated to
use.
or is it required in sonata admin?
On 08.04.2016 10:33, Wouter de Jong wrote:
> I've
> created https://github.com/symfony-cmf/symfony-cmf/wiki/CMF-Packages and
> put my name on some packages already.
>
> 2016-04-07 17:43 GMT+02:00 David Buchmann <da...@liip.ch
>
> > Btw, afaik we used to have a wiki article showing the bundles and the
> > responsible maintainer, but I can't find it anymore. Unless someone finds
> > it, I'll create a new wiki page this weekend.
>
> i can't find that page either. i think we probably had that for the 1.3
> (or 1.2) release at some point, but cleaned it up as it was only about
> who leads finalization of the bundles. i think we also had some names in
> the mail thread about which bundles we can maintain but i can't seem to
> find that either right now.
>
> glad if you can create a new wiki page. if you find the thread and it
> has name, we can maybe already pre fill some names.
>
> --
> You received this message because you are subscribed to the Google
> Groups "symfony-cmf-devs" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to symfony-cmf-de...@googlegroups.com
> <mailto:symfony-cmf-devs%2Bunsu...@googlegroups.com>.
> > Btw, afaik we used to have a wiki article showing the bundles and the
> > responsible maintainer, but I can't find it anymore. Unless someone finds
> > it, I'll create a new wiki page this weekend.
>
> i can't find that page either. i think we probably had that for the 1.3
> (or 1.2) release at some point, but cleaned it up as it was only about
> who leads finalization of the bundles. i think we also had some names in
> the mail thread about which bundles we can maintain but i can't seem to
> find that either right now.
>
> glad if you can create a new wiki page. if you find the thread and it
> has name, we can maybe already pre fill some names.
>
> --
> You received this message because you are subscribed to the Google
> Groups "symfony-cmf-devs" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to symfony-cmf-de...@googlegroups.com
> --
> You received this message because you are subscribed to the Google
> Groups "symfony-cmf-devs" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to symfony-cmf-de...@googlegroups.com
> <mailto:symfony-cmf-de...@googlegroups.com>.
> You received this message because you are subscribed to the Google
> Groups "symfony-cmf-devs" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to symfony-cmf-de...@googlegroups.com
Wouter de Jong
Apr 8, 2016, 6:43:51 AM4/8/16
to Daniel Leech
could we drop the block bundle? i am not sure if its used all that much.
and with the integration in sonata block bundle its quite complicated to
use.
Imo, blocks are one of the most fundamental things of a CMS system. I
think we should keep support for the BlockBundle.
To unsubscribe from this group and stop receiving emails from it, send an email to symfony-cmf-de...@googlegroups.com.
gmx Privat
Apr 8, 2016, 7:07:23 AM4/8/16
to symfony-...@googlegroups.com
could we drop the block bundle? i am not sure if its used all that much.
and with the integration in sonata block bundle its quite complicated to
use.Imo, blocks are one of the most fundamental things of a CMS system. Ithink we should keep support for the BlockBundle.
++++1
We should keep it. Building Pages out of blocks is a major feature. We should extend that and create an Admin where a user has got the posibility to fill a container on a grid by drag & drop and enable frontend editing for them. That is my personal dream. So if nobody likes that bundle i will take it. But would see seo and REST first.
Greetz Max.
Maximilian Berghoff
Jun 15, 2016, 4:46:44 PM6/15/16
to symfony-cmf-devs
Hi,
Max
Maximilian Berghoff
Jun 16, 2016, 3:41:44 AM6/16/16
to symfony-cmf-devs
Btw: Editing the release on Github to make it look and feel like before (big and blue) is possible to. So just the tagging should be done locally.
Wouter de Jong
Jun 22, 2016, 5:16:47 AM6/22/16
to Daniel Leech
MenuBundle 2.0.1 is signed too: https://github.com/symfony-cmf/menu-bundle/releases/tag/2.0.1
David, looks like you forgot to sign some release you've done in the past weeks? :)
2016-06-16 9:41 GMT+02:00 Maximilian Berghoff <maximilia...@gmx.de>:
Btw: Editing the release on Github to make it look and feel like before (big and blue) is possible to. So just the tagging should be done locally.
--
David Buchmann
Jun 22, 2016, 5:37:26 AM6/22/16
to symfony-...@googlegroups.com
> David, looks like you forgot to sign some release you've done in the
> past weeks? :)
oh sorry, totally forgot about that. can i fix this, aka sign them now
> past weeks? :)
or is that too late?
Reply all
Reply to author
Forward
0 new messages