[tz] Tonga returns to DST on 2016-11-06

Paul Eggert eggert at cs.ucla.edu
Fri Nov 4 20:38:44 UTC 2016

On 11/04/2016 12:29 PM, Andreas Heigl wrote:
> It's a feature from git itself, not github.
> https://git-scm.com/book/uz/v2/Git-Tools-Signing-Your-Work
> It is based on GPG-Keys so there's no central trusted instance which can
> be a benefit or a curse depending on how you look at it.

Except for 2016f (where I used a "wrong" key), I have been signing these 
tags using the public key ED97E90E62AA7E34 registered at pgp.mit.edu.

I didn't know until today about GitHub's "Verified" UI that was 
introduced in April. To help out with that, I just now uploaded the 
public key to my GitHub account, so that GitHub now verifies release 
tags at <https://github.com/eggert/tz/tags>.

You can also verify the tags using plain Git, assuming you have imported 
the public key from pgp.mit.edu:

$ git tag -v 2016i
object 9774c293b7ea6ec7be851cb0b2a0807840e6793e
type commit
tag 2016i
tagger Paul Eggert <eggert at cs.ucla.edu> 1478067592 -0700

Release 2016i
gpg: Signature made Tue 01 Nov 2016 11:21:17 PM PDT using RSA key ID 
gpg: Good signature from "Paul Eggert <eggert at cs.ucla.edu>"

Hmm, I now see that the signature timetamp is later than the release 
timestamp (1478067592 = 2016-11-01 23:19:52 -0700, the time stamp 
documented in the NEWS file). That is annoying. I wonder if this 
discrepancy can be fixed in later releases?

More information about the tz mailing list