On Mon, Apr 6, 2009 at 3:16 PM, Finn Arne Gangstad <finnag@xxxxxxx> wrote: > git submodule update just does "git fetch" and hopes that the required > commit appears. In practice this means that you (may) need to invent a > tag or a branch for all the submodules, otherwise they are not > fetchable. > > This bit us pretty hard when we tried to use submodules earlier, so we > gave up. Maybe some day... It "hopes" to find them? This is actually my other reason for bringing the whole SHA key fetching thing up. From what I can see, it is not possible to implement submodules sensibly without support for fetching SHA keys. I.e. I want fetch, checkout and every other command to recurse as needed in the presence of submodules. This limitation forces me to implement a whole CM tool where none should be necessary. It appears to me that the security concern (being able to hide commits by making them unreachable from a named reference) is actually a policy decision and not a technical one. On what grounds does Git decide for me how to handle security concerns? It just seems more important to be able to have recursive submodule behaviour than to provide band aid for careless users. Out of curiosity: Is it really possible to change the value of an already pushed tag? Can you only do the hiding trick with branches? BR / Klas -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html