 

Why sign Git tags?

Git provides the option to sign annotated tags with your GPG private key, but what is wrong with just accepting a tag's claimed origin? What damage could a spoofed tag do when the tag does not alter the commit?

Tyler Parker asked Aug 30 '12 02:08


1 Answer

What is wrong with just accepting a tag's claimed origin?

That you have no guarantee that it's correct; you'd have to put trust in every single person who has access to the repo (authorized or not) not to falsely create a tag. Signing guarantees (at least as much as GPG can offer) that the person who created the tag is who you think they are.

What damage could a spoofed tag do when the tag does not alter the commit?

None. You seem to have gotten two different ideas confused here. A tag and a commit are completely separate objects—a tag points to a commit, but a tag is not a commit. Thus, a tag will never alter a commit. This is potentially where more danger lies: a falsified tag will not change the commit history unexpectedly, and would more easily go unnoticed.

Andrew Marshall answered Oct 15 '22 14:10
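The point made in the answer, as an added example that is not part of the original post: a throwaway repo gets one commit and an annotated tag whose tagger identity is constructed to impersonate a release manager (via `GIT_COMMITTER_NAME` / `GIT_COMMITTER_EMAIL`); the commit hash is unchanged, the tag looks legitimate in `git cat-file`, and `git tag -v` is the consumer-side check that rejects it because it carries no signature. Assumes only that git is installed; all names and addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Shows that an annotated tag is a
# separate object with a free-form tagger identity, that tagging leaves the
# commit untouched, and that `git tag -v` tells a signed tag from an unsigned one.
set -eu

# Builds a temp repo, commits once, creates an annotated tag under a constructed
# impersonated identity, then runs the verification a consumer should run.
# Returns 0 when the commit is unchanged AND verification rejects the unsigned tag.
demo_spoofed_tag() {
    repo=$(mktemp -d)
    git -C "$repo" init -q
    git -C "$repo" -c user.name=dev -c user.email=dev@example.com \
        commit -q --allow-empty -m "initial"
    before=$(git -C "$repo" rev-parse HEAD)

    # Anyone with push access can claim any tagger identity (constructed values).
    GIT_COMMITTER_NAME="Release Manager" \
    GIT_COMMITTER_EMAIL="release@example.com" \
        git -C "$repo" tag -a v1.0 -m "v1.0 release"

    after=$(git -C "$repo" rev-parse HEAD)
    tagger=$(git -C "$repo" cat-file -p v1.0 | sed -n 's/^tagger \(.*\) <.*/\1/p')
    echo "commit before tag: $before"
    echo "commit after tag:  $after"
    echo "claimed tagger:    $tagger"

    # Defender's check: an unsigned tag fails -v ("no signature found") even
    # though its tagger header reads like a legitimate release.
    if git -C "$repo" tag -v v1.0 >/dev/null 2>&1; then
        verified=yes
    else
        verified=no
    fi
    echo "git tag -v accepted it: $verified"
    rm -rf "$repo"

    [ "$before" = "$after" ] && [ "$tagger" = "Release Manager" ] && [ "$verified" = no ]
}

demo_spoofed_tag
```

In CI, running `git tag -v` (or `git verify-tag`) against the release tag before building is what turns this from an unnoticed spoof into a failed pipeline.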