From: Stefan Beller <sbeller@google.com>
To: Junio C Hamano <gitster@pobox.com>
Cc: tom@oxix.org, "Matthieu Moy" <Matthieu.Moy@imag.fr>,
"git@vger.kernel.org" <git@vger.kernel.org>,
"Jakub Narębski" <jnareb@gmail.com>
Subject: Re: [Request for Documentation] Differentiate signed (commits/tags/pushes)
Date: Mon, 6 Mar 2017 16:58:16 -0800 [thread overview]
Message-ID: <CAGZ79kYaUsyU9toKjiCahtUC2Ze7KnZ+iMByu6woyZEnH_10kA@mail.gmail.com> (raw)
In-Reply-To: <xmqq4lz6ymlt.fsf@junio-linux.mtv.corp.google.com>
On Mon, Mar 6, 2017 at 4:08 PM, Junio C Hamano <gitster@pobox.com> wrote:
> Stefan Beller <sbeller@google.com> writes:
>
>>> "tag -s" also has the benefit of being retroactive. You can create
>>> commit, think about it for a week and then later tag it. And ask
>>> others to also tag the same one. You cannot do so with "commit -s".
>>
>> ok, so there is *no* advantage of signing a commit over tags?
>
> Did I say anything that remotely resembles that? Puzzled.
Well that was brain having a short circuit.
>
> If the reason you want to have GPG signature on a commit is not
> because you want to mark some meaningful place in the history, but
> you are signing each and every ones out of some random reason,
and I am looking for these "some random reason"s.
If it is e.g. a ISO9001 requirement, I'll happily accept that as such.
By signing things, you certify your intent, i.e. by signing a commit,
you certify that you intent to create the commit as-is in some repository
on some branch (unlike the push certificate that specifies the repo and
branch).
> there
> is no reason why you would want "tag -s" them, so you can see it as
> an advantage of "commit -s" over "tag -s", because to such a
> project, all commits that are not tagged look the same and there is
> no "landmark" value to use "tag -s" for each and every one of them.
Okay. They are two different things, but to me they seem to archive
the same thing, with a tag having more niceties provided.
e.g. when you make a new release, you could just bump the version
in the versions file and sign the commit. As the commit is part of the
master branch it would not get lost.
The formerly mentioned "not polluting the refs/tags namespace"
is applicable to mergetags, that are a side tangent to signing
the commit vs creating a tag?
Now as Jakub mentions that signed commits came before the
mergetags were introduced, the existence of signed commits
sort of makes sense, as they were there first, but now are
superseded by more powerful tools.
> It is entirely reasonable to sign a merge commit that merges a
> signed tag. They serve two different and unrelated purposes.
The signed tag that gets merged certifies the intent of the lieutenant
to ask for this specific content to be pulled and integrated, whereas
the signing of the commit certifies that the integrator intends to create
the merge commit as-is and e.g. resolve the merge conflicts as recorded.
Thanks,
Stefan
next prev parent reply other threads:[~2017-03-07 1:08 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-06 19:59 [Request for Documentation] Differentiate signed (commits/tags/pushes) Stefan Beller
2017-03-06 22:13 ` Junio C Hamano
2017-03-06 22:52 ` Stefan Beller
2017-03-07 0:08 ` Junio C Hamano
2017-03-07 0:58 ` Stefan Beller [this message]
2017-03-06 23:03 ` Junio C Hamano
2017-03-06 23:59 ` Jakub Narębski
2017-03-07 0:16 ` Junio C Hamano
2017-03-07 7:16 ` Matthieu Moy
2017-03-07 9:23 ` Jeff King
2017-03-07 9:45 ` Tom Jones
2017-03-07 22:19 ` Stefan Beller
2017-03-08 5:41 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAGZ79kYaUsyU9toKjiCahtUC2Ze7KnZ+iMByu6woyZEnH_10kA@mail.gmail.com \
--to=sbeller@google.com \
--cc=Matthieu.Moy@imag.fr \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=jnareb@gmail.com \
--cc=tom@oxix.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).