W dniu 06.03.2017 o 23:13, Junio C Hamano pisze: > Stefan Beller <sbel...@google.com> writes: > >> What is the difference between signed commits and tags? >> (Not from a technical perspective, but for the end user) [...] >> Off list I was told gpg-signed commits are a "checkbox feature", >> i.e. no real world workflow would actually use it. (That's a bold >> statement, someone has to use it as there was enough interest >> to implement it, no?) > > I'd agree with that "checkbox" description, except that you need to > remember that a project can enforce _any_ workflow to its developer, > even if it does not make much sense, and at that point, the workflow > would become a real-world workflow. The word "real world workflow" > does not make any assurance if that workflow is sensible. > > Historically, "tag -s" came a lot earlier. When a project for > whatever reason wants signature for each and every commit so that > they somehow can feel good, without "commit -s", it would have made > us unnecessary work to scale tag namespace only because there will > be tons of pointless tags. "commit -s" was a remedy for that.
Also from what I remember signed commits came before mergetags, that is the result of merging a signed tag (storing the signature of one of parents of the merge commit to not pollute tag namespace). And this workflow, from what I know, is quite useful. -- Jakub Narębski
