Re: [PATCH] tag: add tag.gpgSign config option to force all tags be GPG-signed

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Oct 26, 2017 at 02:33:37PM -0700, Jonathan Nieder wrote:
> Now I'm even more curious.
> 
> I don't think we have the full picture to understand whether this
> change is needed.  When adding a configuration item, we need to be
> able to explain to users what the configuration item is for, and so
> far the only answer I am hearing is "because we do not want to patch
> our build/release script, though we could in principle".  That doesn't
> sound like a compelling reason.
> 
> On the other hand, perhaps the answer is "our build/release script
> does not have a --sign option for the following reason, and this is a
> better interface for configuring it".
> 
> Or perhaps there is an answer that does not involve the build/release
> script.

I think this option is potentially quite useful.  Say we have a policy
which requires signed tags for auditability reasons.  Shipping a
standard system-wide gitconfig to all systems with this option can be
very useful and is easier than relying on individuals remembering the
required options.  Otherwise, somebody might create a lightweight tag
(or an unsigned tag) and push it by accident, which would be hard to
undo (because tags aren't overwritten).

In my open-source projects, I always want to create a signed tag, so I
would find this option useful.  The only time I want a lightweight tag
is in creating ephemeral repositories, and I can script that into my
alias.
-- 
brian m. carlson / brian with sandals: Houston, Texas, US
https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux