Jakub Narębski <jnareb@xxxxxxxxx> writes:

> Also from what I remember signed commits came before mergetags, that
> is the result of merging a signed tag (storing the signature of
> one of parents of the merge commit to not pollute tag namespace).
>
> And this workflow, from what I know, is quite useful.

The "commit -s" on a merge commit lets you as the integrator attest
that you made that merge.  The "mergetag" records the signature by
the contributor that says the tip that was merged was what the
contributor wanted to get merged.

It is entirely reasonable to sign a merge commit that merges a
signed tag.  They serve two different and unrelated purposes.
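
The two signatures discussed above sit in separate headers of the raw merge commit object: `gpgsig` covers the commit itself, and `mergetag` embeds the contributor's signed tag. The following is an added example, not part of the original message. It parses a constructed commit (all hashes, names and signature bodies are placeholders) and reports which party each header speaks for. It only locates the signatures and does not verify them, and `fold`, `parse_headers` and `signature_roles` are hypothetical helper names.

```python
# Added example; every hash, identity and signature body below is constructed.
P1, P2 = "2" * 40, "3" * 40   # first parent (integrator's branch), merged tip
TAG = [f"object {P2}", "type commit", "tag for-integrator",
       "tagger Contributor <contributor@example.com> 1699990000 +0000", "",
       "Please pull these fixes", "-----BEGIN PGP SIGNATURE-----", "",
       "CONSTRUCTED-CONTRIBUTOR-SIG", "-----END PGP SIGNATURE-----"]
SIG = ["-----BEGIN PGP SIGNATURE-----", "",
       "CONSTRUCTED-INTEGRATOR-SIG", "-----END PGP SIGNATURE-----"]

def fold(key, lines):
    # Git stores a multi-line header value with one leading space per continuation line.
    return key + " " + "\n ".join(lines)

RAW_COMMIT = "\n".join([
    f"tree {'1' * 40}", f"parent {P1}", f"parent {P2}",
    "author Integrator <integrator@example.com> 1700000000 +0000",
    "committer Integrator <integrator@example.com> 1700000000 +0000",
    fold("mergetag", TAG), fold("gpgsig", SIG),
    "", "Merge tag 'for-integrator'", ""])

def parse_headers(raw):
    """Split an object into (headers, message), unfolding continuation lines."""
    head, _, message = raw.partition("\n\n")
    headers = []
    for line in head.split("\n"):
        if line.startswith(" ") and headers:
            headers[-1][1] += "\n" + line[1:]      # continuation of previous header
        else:
            key, _, value = line.partition(" ")
            headers.append([key, value])
    return headers, message

def signature_roles(raw):
    """Report the integrator's signature and each contributor tag that was merged."""
    headers, _ = parse_headers(raw)
    parents = [v for k, v in headers if k == "parent"]
    roles = {"integrator_signed": False, "signed_tags_merged": []}
    for key, value in headers:
        if key == "gpgsig":                        # signature over this merge commit
            roles["integrator_signed"] = True
        elif key == "mergetag":                    # embedded copy of the signed tag
            tag = dict(parse_headers(value)[0])
            roles["signed_tags_merged"].append({
                "tag": tag.get("tag"), "tagger": tag.get("tagger"),
                "is_merged_parent": tag.get("object") in parents[1:]})
    return roles

if __name__ == "__main__":
    print(signature_roles(RAW_COMMIT))
```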