On Mon, Mar 6, 2017 at 2:13 PM, Junio C Hamano <gitster@xxxxxxxxx> wrote: > Stefan Beller <sbeller@xxxxxxxxxx> writes: > >> What is the difference between signed commits and tags? >> (Not from a technical perspective, but for the end user) > > When you "commit -s", you are signing the bytes in the commit > object, which means that you are attesting the fact that the tree > you wanted to record is one of the 47 other colliding tree objects > that happen to share that 40-hex hash value, and also the fact that > the commits you wanted to record as its parents have certain SHA-1 > hash values. As you are relying on the resistance to preimage > attack against SHA-1 at least locally around that signed commit, > there wouldn't be meaningful difference between a 50-commit series > each of which is individually signed with "commit -s", such a > 50-commit series, only the top of which is signed with "commit -s", > and the same 50-commit series, on the top of which is signed with > "tag -s". > > "tag -s" also has the benefit of being retroactive. You can create > commit, think about it for a week and then later tag it. And ask > others to also tag the same one. You cannot do so with "commit -s". ok, so there is *no* advantage of signing a commit over tags? I'll see if I can write a patch that enhances Documentation/git-commit.txt pointing to git-tag instead. >> A signed push can certify that a given payload (consisting >> of multiple commits on possibly multiple branches) was transmitted >> to a remote, which can be recorded by the remote as e.g. a proof >> of work. > > A signed push is _NOT_ about certifying the objects in the history Yes that is my understanding, though I was unclear in writing it. > I'd agree with that "checkbox" description, [...] > "commit -s" was a remedy for that. Out of curiosity: Does (did) such a project exist? Can I read up on that and their best practices? Thanks, Stefan