On Fri, 2009-04-17 at 22:55 -0400, Behdad Esfahbod wrote: > Hi Owen, > > I'm trying to fill in http://live.gnome.org/Git/Help/LightweightTags > Is it that we just disallow lightweight tags, or also tag objects with no gpg > signature? If the former, don't we really want the latter?
The reason not to use a lightweight tag is that they have no information about who created the tag, when, or why. Annotated tags (git tag -a) and signed tags (git tag -s) have that information so are preferred. There are reasons to me why someone might want to use an annotated tag instead of a signed tag: - They don't have GPG set up and can't set it up with reasonable ease (on Windows, perhaps) - They don't have a GPG key (or forgot their passphrase) and they need to get something tagged - They are tagging an old version on behalf of someone else For releases I think we want to strongly suggest, but not require, a signed tag with with 'git tag -s'. - Owen Note: From a strategy point of view, the reason to forbid lightweight tags, is not that they are evil, but that it's really easy to make them because you don't know about the alternatives, and the alternatives are better. It also prevents the sequence git tag show git tag -s v3.4.5 git push --tags from pushing a lightweight tag called 'show'. _______________________________________________ gnome-infrastructure mailing list [email protected] http://mail.gnome.org/mailman/listinfo/gnome-infrastructure
