http://ariejan.net/2009/09/04/git-tag-mini-cheat-sheet/ PENDING: Not Yet Implemented Thu, 11 Mar 2010 04:50:50 +0000 http://wordpress.org/?v=2.9.2 hourly 1 http://ariejan.net/2009/09/04/git-tag-mini-cheat-sheet/comment-page-1/#comment-10877 Ariejan de Vroom Sat, 05 Sep 2009 20:24:07 +0000 http://ariejan.net/?p=500#comment-10877 Great explanation Jörg! Thanks! However, I never noticed annotated and signed tags getting pushed automatically. Can you elaborate on that? Great explanation Jörg! Thanks! However, I never noticed annotated and signed tags getting pushed automatically. Can you elaborate on that?

]]> http://ariejan.net/2009/09/04/git-tag-mini-cheat-sheet/comment-page-1/#comment-10876 Jörg W Mittag Sat, 05 Sep 2009 19:31:03 +0000 http://ariejan.net/?p=500#comment-10876 Git actually has three different kinds of tags: lightweight local tags, annotated tags and signed tags. The ones you are describing are lightweight tags. They are meant for local throwaway use by a single developer, which is why they are neither pushed nor fetched by default. The next step up is an annotated tag, created with git tag -a. In addition to just having a name, it also has an associated message, typically it contains a description of *why* this particular tag is interesting, e.g. in the case of a release, it contains the release announcement so that people who only follow the repo but not the mailinglists get the gist of what's going on. It is meant for public tags, i.e. tags that are of interest to the entire community, not just to the owner of the repository. Consequently, they are pushed and fetched by default. Lastly, signed tags are basically annotated tags that are digitally signed with an OpenPGP signature. These are typically used for releases. Signed tags are the typical way to establish trust in a Git repository: while the SHA-1s guarantee the integrity of the repository, only the signature can provide trust. They, too, get pushed and fetched automatically. Git actually has three different kinds of tags: lightweight local tags, annotated tags and signed tags. The ones you are describing are lightweight tags. They are meant for local throwaway use by a single developer, which is why they are neither pushed nor fetched by default. The next step up is an annotated tag, created with git tag -a. In addition to just having a name, it also has an associated message, typically it contains a description of *why* this particular tag is interesting, e.g. in the case of a release, it contains the release announcement so that people who only follow the repo but not the mailinglists get the gist of what’s going on. It is meant for public tags, i.e. tags that are of interest to the entire community, not just to the owner of the repository. Consequently, they are pushed and fetched by default. Lastly, signed tags are basically annotated tags that are digitally signed with an OpenPGP signature. These are typically used for releases. Signed tags are the typical way to establish trust in a Git repository: while the SHA-1s guarantee the integrity of the repository, only the signature can provide trust. They, too, get pushed and fetched automatically.

]]>