Luke Shumaker <lukeshu@xxxxxxxxxxx> writes: > How about: > > | Specify how to handle signed tags. Since any transformation after the > | export (or during the export, such as excluding revisions) can change > | the hashes being signed, the signatures may not match. I find it a bit worrying that it is unclear what the signature may not match. Knowing Git, I know the answer is "contents that is signed", and I want to make sure it is clear for all readers. Would "may become invalid" be better? I dunno. > | When asking to 'abort' (which is the default), this program will die > | when encountering a signed tag. With 'strip', the tags will silently > | be made unsigned, with 'warn-strip' they will be made unsigned but a > | warning will be displayed, with 'verbatim', they will be silently > | exported and with 'warn-verbatim' (or 'warn', a deprecated synonym), > | they will be exported, but you will see a warning. 'verbatim' should > | not be used unless you know that no transformations affecting tags > | will be performed, or unless you do not care that the resulting tag > | will have an invalid signature. OK. As the current version of "fast-import" has no way to specify what is done to incoming signed tags, it may be the best we can do to discourage 'verbatim'. But if it learns "--signed-tags=<disposition>", I think the resulting ecosystem would become much better. In the ideal world, I would imagine that we want to encourage to always write out the original signatures to the export stream, let any intermediary filters process the stream, and at the very end stage at fast-import, have the --signed-commit/tag option to control what is done to such signatures. The set of plausible options are what you invented for the export side in this series, plus "if the signature still matches, keep it, otherwise strip with warning". If we want to get closer to such an ideal world (you can point out I am wrong and why such a world is not ideal, of course, though), we probably do not want to add "--signed-commit" to "fast-export", as it will have to get deprecated when the ideal world happens. Rather, the future would deprecate the existing "--signed-tags" option from "fast-export" instead.
