Re: [Request for Documentation] Differentiate signed (commits/tags/pushes)
- Date: Tue, 7 Mar 2017 00:59:10 +0100
- From: Jakub Narębski <jnareb@xxxxxxxxx>
- Subject: Re: [Request for Documentation] Differentiate signed (commits/tags/pushes)
W dniu 06.03.2017 o 23:13, Junio C Hamano pisze:
> Stefan Beller <sbeller@xxxxxxxxxx> writes:
>> What is the difference between signed commits and tags?
>> (Not from a technical perspective, but for the end user)
>> Off list I was told gpg-signed commits are a "checkbox feature",
>> i.e. no real world workflow would actually use it. (That's a bold
>> statement, someone has to use it as there was enough interest
>> to implement it, no?)
> I'd agree with that "checkbox" description, except that you need to
> remember that a project can enforce _any_ workflow to its developer,
> even if it does not make much sense, and at that point, the workflow
> would become a real-world workflow. The word "real world workflow"
> does not make any assurance if that workflow is sensible.
> Historically, "tag -s" came a lot earlier. When a project for
> whatever reason wants signature for each and every commit so that
> they somehow can feel good, without "commit -s", it would have made
> us unnecessary work to scale tag namespace only because there will
> be tons of pointless tags. "commit -s" was a remedy for that.
Also from what I remember signed commits came before mergetags, that
is the result of merging a signed tag (storing the signature of
one of parents of the merge commit to not pollute tag namespace).
And this workflow, from what I know, is quite useful.