Description
It would be nice if we could create signed tags for releases.
Current Implementation
CVS doesn't have an integrated mechanism to do this.
SVN Implementation
A post-commit hook can make whatever signatures you like. The change files are immutable once committed to the repository. Note that a manual obliterate will destroy signatures as the dump/restore will recreate inter-commit delta linkage. Signatures would graphically highlight an obliterate.
Hg Implementation
There is a standard extension (plugin) for gpg support. It creates a version-controlled file called .hgsigs in the root which does for signing what .hgtags does for tags: it inserts a changeset recording the signature of a given changeset so it is more signing a repository/release than a one-sig-per-file implementation.
I've not checked it but it may have the same problem as git with VCSFeatureObliterate.
Git Implementation
Signed tags can be created with:
git-tag -s tagname [commitid]
Note that this is in conflict with VCSFeatureObliterate!
Monotone Implementation
Supported (also see monotone:FeatureSignedRevisions)
This is a primary and fundamental component of monotone. Revisions are identified by the SHA-1 hash of their ancestry+content, and additional metadata about these revisions is attached using signed certs.