On Fri, Feb 03, 2012 at 09:22:44PM -0800, Junio C Hamano wrote: >Tom Grennan <tmgrennan@xxxxxxxxx> writes: > >> Wouldn't you want Shawn and Jeff to tag the object (commit, tree, or >> blob) that you had tagged? > >No. > >We _designed_ our tag objects so that they are capable of pointing at >another tag, not the object that is pointed at that other tag. And that >is the example usage I gave you. > >The statement by Shawn and Jeff, "This tag is Gitster's" is exactly that. >It was not about asserting the authenticity of the commit. It was about >the tag object I created. Hmm, how about "git verify-tag [[-v] [--to]] <tag|object>"? With "--to", all tags to the given tag (or object) are verified. Without "--to" just the given <tag> is verified. >> gitster$ git verify-tag --pointed v1.7.10 >> tag v1.7.10: OK > >Just saying "$name: OK" will *never* be acceptable. "A signature made by >any key in my keychain is fine" is not the usual use case. At least the >output needs to be "Good signature from X". OK, I'll have to play with the gpg --verify-options. -- TomG -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html