Git release tagging best practices

Daniel Kahn Gillmor dkg at
Fri Mar 22 04:12:07 CET 2019

On Thu 2019-03-21 14:50:56 -0700, James Bottomley wrote:
> It can't.  Remember the name of the tag is metadata which is held in
> the git refs file not in the tag itself.  The signature of the tag is
> over the contents (including header contents like date and parent)
> which doesn't include the name.

Did you look at Peter's message?  Werner's signature over git tag
gnupg-2.2.15 does indeed include "tag gnupg-2.2.15".

> Absolutely not, at least not globally.  Remember the design use case
> for signed tags is cryptographically verified pull requests, in which
> case there is no name and the tag is discarded after the pull.

That sounds more like "push certificates" than signed tags to me, but
i'm not up on the details of push certificates, so i might be wrong
about that.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the Gnupg-devel mailing list