Mauro Carvalho Chehab venit, vidit, dixit 05.09.2011 22:26: > Em 04-09-2011 20:27, Linus Torvalds escreveu: > >> One thing to note: If you just do >> >> git pull https://github.com/torvalds/linux.git >> >> you probably won't get the tags, since it's not your origin branch. So do >> >> git fetch --tags<...> >> >> too, so that you get not only the actual changes, but the tag that you >> can verify too. >> > > It would be great if "git remote update" could also verify the tag > signature (if present), as most of us just do a "git remote update". ...when you should "git fetch --all" ;) > Maybe an extra parameter for git config remote.tagopt? > > Ok, if in doubt, we can always use git tag -v <new tag>, but doing > it automagically would help us to detect if a git tag got mangled > by some at the moment we update our trees, with seems to be > a good idea. The update hook (if you want to reject falsified tags) or post-update hook (if you want to be warned) is the perfect place for this. It would be worth amending the standard update hook, me thinks, after removing its insisting on a project description, and maybe switching the defaults. Michael -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html