Re: On disallowing lightweight tags

On Fri, 2009-04-17 at 22:55 -0400, Behdad Esfahbod wrote:
> Hi Owen,
> I'm trying to fill in
> Is it that we just disallow lightweight tags, or also tag objects with no gpg 
> signature?  If the former, don't we really want the latter?

The reason not to use a lightweight tag is that they have no information
about who created the tag, when, or why.

Annotated tags (git tag -a) and signed tags (git tag -s) have that
information so are preferred.

There are reasons to me why someone might want to use an annotated tag
instead of a signed tag:

 - They don't have GPG set up and can't set it up with reasonable
   ease (on Windows, perhaps)
 - They don't have a GPG key (or forgot their passphrase) and they
   need to get something tagged
 - They are tagging an old version on behalf of someone else

For releases I think we want to strongly suggest, but not require, a
signed tag with with 'git tag -s'.

- Owen

Note: From a strategy point of view, the reason to forbid lightweight
tags, is not that they are evil, but that it's really easy to make them
because you don't know about the alternatives, and the alternatives are

It also prevents the sequence

 git tag show
 git tag -s v3.4.5
 git push --tags

from pushing a lightweight tag called 'show'.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]