Description

It would be nice if we could create signed tags for releases.

Current Implementation

CVS doesn't have an integrated mechanism to do this.

SVN Implementation

A post-commit hook can make whatever signatures you like. The change files are immutable once committed to the repository. Note that a manual obliterate will destroy signatures as the dump/restore will recreate inter-commit delta linkage. Signatures would graphically highlight an obliterate.

Hg Implementation

There is a standard extension (plugin) for gpg support. It creates a version-controlled file called .hgsigs in the root which does for signing what .hgtags does for tags: it inserts a changeset recording the signature of a given changeset so it is more signing a repository/release than a one-sig-per-file implementation.

I've not checked it but it may have the same problem as git with VCSFeatureObliterate.

Git Implementation

Signed tags can be created with:

git-tag -s tagname [commitid]

Note that this is in conflict with VCSFeatureObliterate!

Monotone Implementation

Supported (also see monotone:FeatureSignedRevisions)

This is a primary and fundamental component of monotone. Revisions are identified by the SHA-1 hash of their ancestry+content, and additional metadata about these revisions is attached using signed certs.

VersionControl/Signing (last edited 2022-10-07T02:02:58+0000 by KubilayKocak)