Hello all.
Yesterday between roughly 1pm - 2:30pm UTC `git fetch` on core was failing with the exact error being 1.43.0-rc.0 -> 1.43.0-rc.0 (would clobber existing tag) for both 1.43.0-rc.0 and 1.43.0 tags.
This error was because I recreated the 2 tags i.e. the original tags deleted and new ones with the exact names pointing to the exact commits created. The reason for the update was to add missing GPG signature. Tags are never meant to update (hence why fetching updated tags will by default reject the tags unless you fetch with --force or do a local git tag -d)
The prompt for doing it now, was creation of a tarball diff for 1.43.0-rc.0, and that process led to a "tag not signed error", thus realizing it hasn't been signed.
We fixed this error https://phabricator.wikimedia.org/T400729by restoring the original tags.
Some ideas we have discussed going forward to prevent this is in addition to having the documented requirement in the Release Checklist https://www.mediawiki.org/wiki/Release_checklist for signed artefacts, enforce the same from the artefacts scripts creation level.
Cheers.
On Wed, Jul 30, 2025 at 10:23 AM Atieno Njira pnjira@wikimedia.org wrote:
This error was because I recreated the 2 tags i.e. the original tags deleted and new ones with the exact names pointing to the exact commits created. The reason for the update was to add missing GPG signature. Tags are never meant to update (hence why fetching updated tags will by default reject the tags unless you fetch with --force or do a local git tag -d)
The prompt for doing it now, was creation of a tarball diff for 1.43.0-rc.0, and that process led to a "tag not signed error", thus realizing it hasn't been signed.
We fixed this error by restoring the original tags.
Thank you for this post-mortem announcement Atieno. It can be scary to stand up and tell folks that a problem happened because of your actions. Learning to stay calm, think about how to get out of the bad situation, and keep communicating with folks during a crisis is an important part of working on public projects.
This probably qualifies you for an "I broke Wikipedia... and then I fixed it!" sticker for your laptop. The important part of that is of course fixing things. MediaWiki is too easy to break to celebrate that aspect. ;)
Bryan
wikitech-l@lists.wikimedia.org