Am 05.11.2011 07:01, schrieb Junio C Hamano: > When a contributor asks the integrator to merge her history, a signed tag > can be a good vehicle to communicate the authenticity of the request while > conveying other information such as the purpose of the topic. > > E.g. a signed tag "for-linus" can be created, and the integrator can run: > > $ git pull git://example.com/work.git/ for-linus > > This would allow the integrator to run "git verify-tag FETCH_HEAD" to > validate the signed tag. > > While we do not necessarily want to clutter the global tag namespace of > the project, we would want to leave enough information in the repository > to allow third party to later validate the resulting history. > > Update fmt-merge-msg that prepares the merge message template, and store > the contents of the signed tag object and the message that comes from GPG > signature validation at the end of it. The integrator can choose to leave > the contents of the tag in the resulting merge commit, or can choose to > remove it. The GPG validation message is inserted as a comment only to > help the integrator to review the validation result but otherwise will not > be recorded in the resulting merge commit, because later validation by > third parties does not need it. Since the tag signature depends on the tag message, including all spelin errors, the integrator must not change the text so that third parties can repeat the verification. (Correct?) I assume this is the reason that you put 'tag:' in front of the tag message, to discourage any changes. What if the tag is not signed? Does this code path trigger at all? In this case, I would prefer that the discouraging 'tag:' prefix were not present. The resulting text would fit more naturally in a commit message as a description of the commit/merge/topic. What do you think? -- Hannes -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html