All of lore.kernel.org
 help / color / mirror / Atom feed
From: Linus Torvalds <torvalds@linux-foundation.org>
To: Theodore Tso <tytso@mit.edu>
Cc: Junio C Hamano <junkio@cox.net>, Alex Riesen <raa.lkml@gmail.com>,
	Alex Bennee <kernel-hacker@bennee.com>,
	git@vger.kernel.org
Subject: Re: git-pull and tag objects
Date: Sat, 10 Feb 2007 09:56:25 -0800 (PST)	[thread overview]
Message-ID: <Pine.LNX.4.64.0702100938540.8424@woody.linux-foundation.org> (raw)
In-Reply-To: <20070210142322.GB25607@thunk.org>



On Sat, 10 Feb 2007, Theodore Tso wrote:
> 
> This brings up another question which I've been looking for, but for
> which I haven't found a good answer in the git documentation.  A
> google search shows a suggestion by hpa (and a brief discussion from
> sct) about how to handle conflicting tags back in 2005, but as far as
> I can tell it didn't go anywhere.

I don't think we've ever had a conflicting tag.

> 1) Suppose I do a "git tag" of a release, and then realize that I
> messed up, and I need to do some additional release work (i.e.,
> editing a debian changelog file, etc.) before really doing another
> release, what do I do to tag a later revision as the "real" version
> v1.2?

Well, if you never pushed anything out, just re-tag it. Use "-f" to 
replace the old one. And you're done.

But if you have pushed things out (or others could just read your 
repository directly), then others will have already seen the old tag. In 
that case you can do one of two things:

 - The sane thing.

   Just admit you screwed up, and use a different name. Others have 
   already seen one tag-name, and if you keep the same name, you may be in 
   the situation that two people both have "version X", but they actually 
   have _different_ "X"'s.

   So just call it "X.1" and be done with it. 

 - The insane thing.

   You really want to call the new version "X" too, _even_though_ others 
   have already seen the old one. So just use "git tag -f" again, as if 
   you hadn't already published the old one.

   HOWEVER!

   Git does *not* (and in my very very strong opinion, MUST NOT!) change 
   tags behind users back. So if somebody already got the old tag, doing a 
   "git pull" on your tree shouldn't just make them overwrite the old one. 

And I really think that git does the right thing. If somebody got a 
release tag from you, you cannot just change the tag for them by updating 
your own one. I think this is a BIG security issue, in that people MUST be 
able to trust their tag-names. If I got a particular tag, NO WAY IN HELL 
must git just replace it for me because you happened to have a newer one!

So if you really want to do the insane thing, you need to just fess up to 
it, and tell people that you messed up. You can do that by making a very 
public announcement saying

  "Ok, I messed up, and I pushed out an earlier version tagged as X. I 
   then fixed somethign, and retagged the *fixed* tree as X again.

   If you got the wrong tag, and want the new one, you'll have to delete 
   the old one and fetch the new one:

	git tag -d X
	git fetch origin X

   to get my updated tag.

   You can test which tag you have by doing

	git rev-parse X

   which should return 0123456789abcdef.. if you have the new version".

Does this seem a bit complicated? HELL YES. But it *should* be. There is 
no way in hell that it would be correct to just "fix" it behind peoples 
backs. People need to know that their tags might have been changed.

> 3) The git-tag man page talks about GPG signing tags, but it doesn't
> talk about how a GPG-signed tag is validated.  Does this happen
> manually or automatically?

Use "git verify-tag X" to see something like this:

	[torvalds@woody linux]$ git-verify-tag v2.6.17
	gpg: Signature made Sat 17 Jun 2006 06:49:59 PM PDT using DSA key ID 76E21CBB
	gpg: Good signature from "Linus Torvalds (tag signing key) <torvalds@osdl.org>"

but you obviously need to have the public key in question available to 
you.

We could verify tags automatically, of course, but the question is, what 
would the policy be? 

(Side note: the 'monotone' people do the trust thing very deep in 
monotone, AND IT IS A COMPLETE DISASTER! I'm surprised they are not only 
continuing with it, they are adding more and more infrastructure exactly 
because once you do it automatically, you need to be able to handle any 
possible policy. It's insane. It's also really sad, because monotone gets 
so many things right. Their security model is just *totally* broken, and 
makes the whole thing be just a steaming pile of shit. Sad. Not that the 
whole C++/boost/STL crap exactly "helps" either, but the security thing 
is probably the more fundamental problem.)

			Linus

  reply	other threads:[~2007-02-10 17:56 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-02-08 11:16 git-pull and tag objects Alex Bennee
2007-02-09  9:33 ` Alex Riesen
2007-02-09 23:19   ` Junio C Hamano
2007-02-10  0:14     ` [PATCH] git-fetch: document automatic tag following Junio C Hamano
2007-02-10 14:23     ` git-pull and tag objects Theodore Tso
2007-02-10 17:56       ` Linus Torvalds [this message]
2007-02-10 21:32         ` Jakub Narebski
2007-02-10 21:58           ` Linus Torvalds
2007-02-11 21:55             ` Junio C Hamano
2007-02-12  0:40               ` Jakub Narebski
2007-02-11  0:25         ` Theodore Tso
2007-02-11  3:21           ` Linus Torvalds
2007-02-11  5:52         ` Junio C Hamano
2007-02-11 17:49           ` Linus Torvalds
2007-02-11 19:17             ` Junio C Hamano
2007-02-11 19:21               ` Junio C Hamano
2007-02-11 19:25               ` Linus Torvalds
2007-02-11 21:41                 ` Junio C Hamano
2007-02-12 16:27           ` Theodore Tso
2007-02-13  6:17             ` Junio C Hamano
2007-02-14  6:38               ` Linus Torvalds
2007-02-14  7:22                 ` Junio C Hamano
2007-02-14 11:18                   ` Johannes Schindelin
2007-02-14 16:35                     ` Linus Torvalds
2007-02-15  1:21                 ` Jakub Narebski
2007-02-15  1:34                   ` Johannes Schindelin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Pine.LNX.4.64.0702100938540.8424@woody.linux-foundation.org \
    --to=torvalds@linux-foundation.org \
    --cc=git@vger.kernel.org \
    --cc=junkio@cox.net \
    --cc=kernel-hacker@bennee.com \
    --cc=raa.lkml@gmail.com \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.