On Mon, Oct 31, 2011 at 11:23 AM, Junio C Hamano <gitster@xxxxxxxxx> wrote:
>
> It certainly lets you run "git tag --verify" after you pulled and will
> give you assurance that you pulled the right thing from the right person,
> but what do you plan to do to the tag from your lieutenants after you
> fetched and verified? I count 379 merges by you between 3.0 (2011-07-21)
> and 3.1 (2011-10-24), which would mean you would see 4-5 tags per day on
> average. Will these tags be pushed out to your public history?

No, you misunderstand.

I can do that kind of "crazy manual check of a tag" today. And it's
too painful to be useful in the long run (or even the short run - I'd
much prefer the pgp signature in the email which is easier to check
and more visible anyway). Fetching a tag by name and saving it as a
tag is indeed pointless.

But what would be nice is that "git pull" would fetch the tag (based
on name) *automatically*, and not actually create a tag in my
repository at all. Instead, it would use the tag to check the
signature, and - if we do this right - also use the tag contents to
populate the merge commit message.

In other words, no actual tag would ever be left around as a turd, it
would simply be used as an automatic communication channel between the
"git push -s" of the submitter and my subsequent "git pull". Neither
side would have to do anything special, and the tag would never show
up in any relevant tree (it could even be in a totally separate
namespace like "refs/pullmarker/<branchname>" or something).

                 Linus
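
The flow described in the message above, approximated with stock git commands as an added example (not part of the original mail and not git's own implementation). It assumes the submitter pushed an annotated, signed tag named after the branch; `refs/pullmarker/` is the hypothetical namespace from the mail, and the function names `pull_verified` and `tag_message` are made up for this sketch.

```shell
#!/bin/sh
# Added illustration: fetch a signed tag into a throwaway ref, verify it,
# reuse its text as the merge message, and leave no tag behind.

# Print only the human-written message of a tag object read on stdin:
# drop the header block (through the first blank line) and everything
# from the PGP signature onward.
tag_message() {
    sed -e '1,/^$/d' -e '/^-----BEGIN PGP SIGNATURE-----$/,$d'
}

# pull_verified <remote> <tagname>
pull_verified() {
    remote=$1
    name=$2
    marker="refs/pullmarker/$name"   # hypothetical namespace from the mail

    # Fetch the tag object into the private namespace, not refs/tags/.
    git fetch --no-tags "$remote" "+refs/tags/$name:$marker" || return 1

    # Refuse to merge unless the signature verifies against the local keyring.
    if ! git verify-tag "$marker"; then
        git update-ref -d "$marker"
        echo "signature check failed for $name; not merging" >&2
        return 1
    fi

    # Reuse the signer's text as the merge commit message.
    msg=$(git cat-file tag "$marker" | tag_message)
    git merge --no-ff -m "$msg" "$marker^{commit}"
    status=$?

    # Remove the marker whatever the merge outcome, so no tag is left around.
    git update-ref -d "$marker"
    return $status
}
```

`git verify-tag` succeeds for a good signature from any key in the local keyring, so which keys are imported there decides who counts as "the right person".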