On Thu, Oct 26, 2017 at 02:33:37PM -0700, Jonathan Nieder wrote:
> Now I'm even more curious.
> 
> I don't think we have the full picture to understand whether this
> change is needed.  When adding a configuration item, we need to be
> able to explain to users what the configuration item is for, and so
> far the only answer I am hearing is "because we do not want to patch
> our build/release script, though we could in principle".  That doesn't
> sound like a compelling reason.
> 
> On the other hand, perhaps the answer is "our build/release script
> does not have a --sign option for the following reason, and this is a
> better interface for configuring it".
> 
> Or perhaps there is an answer that does not involve the build/release
> script.

I think this option is potentially quite useful.  Say we have a policy
which requires signed tags for auditability reasons.  Shipping a
standard system-wide gitconfig to all systems with this option can be
very useful and is easier than relying on individuals remembering the
required options.  Otherwise, somebody might create a lightweight tag
(or an unsigned tag) and push it by accident, which would be hard to
undo (because tags aren't overwritten).

In my open-source projects, I always want to create a signed tag, so I
would find this option useful.  The only time I want a lightweight tag
is in creating ephemeral repositories, and I can script that into my
alias.
-- 
brian m. carlson / brian with sandals: Houston, Texas, US
https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204