On Thu, Oct 26, 2017 at 02:33:37PM -0700, Jonathan Nieder wrote:
> Now I'm even more curious.
> 
> I don't think we have the full picture to understand whether this
> change is needed.  When adding a configuration item, we need to be
> able to explain to users what the configuration item is for, and so
> far the only answer I am hearing is "because we do not want to patch
> our build/release script, though we could in principle".  That doesn't
> sound like a compelling reason.
> 
> On the other hand, perhaps the answer is "our build/release script
> does not have a --sign option for the following reason, and this is a
> better interface for configuring it".
> 
> Or perhaps there is an answer that does not involve the build/release
> script.

I think this option is potentially quite useful.  Say we have a policy
which requires signed tags for auditability reasons.  Shipping a
standard system-wide gitconfig to all systems with this option can be
very useful and is easier than relying on individuals remembering the
required options.  Otherwise, somebody might create a lightweight tag
(or an unsigned tag) and push it by accident, which would be hard to
undo (because tags aren't overwritten).

In my open-source projects, I always want to create a signed tag, so I
would find this option useful.  The only time I want a lightweight tag
is in creating ephemeral repositories, and I can script that into my
alias.
-- 
brian m. carlson / brian with sandals: Houston, Texas, US
https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204
