Re: [PATCH 1/6] Refactor git tag objects; make "tag" header optional; introduce new optional "keywords" header

On Monday 04 June 2007, Matthias Lederhofer wrote:
> Johan Herland <johan@xxxxxxxxxxx> wrote:
> > 1. Make the "tag" header optional. The "tag" header contains the tag name,
> >    which is optional for 'notes'. The new semantics for the "tag" header
> >    are as follows: The tag header _must_ be given for signed tags (this
> >    is already enforced by git-tag.sh). When the tag header is not given,
> >    its value defaults to the empty string.
> 
> Why must signed tags have a tag header?  Will notes optionally have a
> tag header?

The purpose of signing a tag is to cryptographically verify the thing 
pointed at by the tag. But you also want to protect the tag itself. In 
order to make it harder for someone to rename a signed tag (thereby opening 
the door to replacing it with a different - possibly signed - malicious 
tag), you want to include the tag name in the signed data. This allows us 
to verify that the tag ref (as stored in '.git/refs') is identical to the
tag name stored inside the signed object.


Yes, 'notes' will optionally have a "tag" header. When I originally designed  
notes, I didn't think anybody would want to name their notes, but Linus 
requested it, and there's no technical argument against it. Note that if 
you name your note, and put a ref to it (under '.git/refs'), there's 
technically no distinction between a tag object and a note object, except 
what you choose to put in the "keywords" header, of course.


Have fun!

...Johan

-- 
Johan Herland, <johan@xxxxxxxxxxx>
www.herland.net
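
Added example (not part of the original message and not code from git): a sketch of the check described above, comparing the name a ref is stored under with the "tag" header inside the signed object. The function names, status strings and sample tag object are constructed for illustration, and signature validity itself is assumed to be checked separately (for example with `git verify-tag`).

```python
# Added example; not code from git or from this thread.
PGP_BEGIN = "-----BEGIN PGP SIGNATURE-----"
TAG_PREFIX = "refs/tags/"

# Constructed sample tag object text (object id and signature are placeholders).
SIGNED_TAG = """\
object 0123456789abcdef0123456789abcdef01234567
type commit
tag v1.0
tagger A U Thor <author@example.com> 1180915200 +0200

Release 1.0
-----BEGIN PGP SIGNATURE-----
(placeholder, not a real signature)
-----END PGP SIGNATURE-----
"""

def parse_tag_object(raw):
    """Split tag object text into (headers, body); first occurrence of a header wins."""
    head, _, body = raw.partition("\n\n")
    headers = {}
    for line in head.split("\n"):
        if not line or line.startswith(" "):
            continue  # skip blank and continuation lines
        key, _, value = line.partition(" ")
        headers.setdefault(key, value)
    return headers, body

def check_tag_ref(refname, raw):
    """Return 'ok', 'renamed', 'missing-tag-header' or 'unsigned'."""
    headers, body = parse_tag_object(raw)
    if PGP_BEGIN not in body.split("\n"):
        return "unsigned"  # nothing binds the name; the header is optional here
    if "tag" not in headers:
        return "missing-tag-header"  # signed tags must carry the "tag" header
    short = refname[len(TAG_PREFIX):] if refname.startswith(TAG_PREFIX) else refname
    # The signature covers the "tag" header, so a ref that points at this
    # object under a different name shows up as a mismatch here.
    return "ok" if headers["tag"] == short else "renamed"

if __name__ == "__main__":
    for ref in ("refs/tags/v1.0", "refs/tags/v2.0"):
        print(ref, "->", check_tag_ref(ref, SIGNED_TAG))
```

A "renamed" result means the signed object is genuine but is being presented under a name its signer never gave it, which is the case the mandatory header is meant to expose.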