Monday, February 25, 2013

UnFun with signed tags

I sometimes wish if we can revoke signature made (with PGP/GPG) to a specific tag.

I know that an electronic signature (like a handwritten one) is to protect both parties, the one who signs, and the one who gets something signed, and allowing a signer to retroactively cancel a signature invalidates the protection given to the latter. I'd be protected from a bogus claim that I made a promise I didn't make when somebody produces a document with a signature that does not match mine, and I'd be protected from somebody who changes his mind later after signing a document to promise me with his signature.

But in the context of signing a release tag for an open source project, non-repudiation is not an issue.

I often merge the last set of topics to the 'master' (or 'maint') branch, add a signed release tag to the tip, merge the result to 'next' and higher integration branches, only to find that a few more tweaks are necessary before the real release while testing the integration branches. Since I do not push out any branch before all the main integration branches (i.e. 'maint', 'master', 'next' and 'pu') are ready, it will not hurt anybody for me to rewind 'next' and 'pu' locally, discard the tag and redo the 'master' (or 'maint') branch. I also do not push out the signed tag until all these branches are ready, so in practice I just can discard the previous signed tag (that hasn't been pushed out) and tag the tip of 'master' with the same name. Nobody will notice.

So in practice, I do not need a feature to cancel a signed tag I created earlier, but at the philosophical level. But it somewhat feels awkward.

1 comment:

Michael J Gruber said...

Maybe "revert" the tagged commit and sign the revert commit? This preserves the complete signing history. Revoking a signature directly would be (but is not) a gpg thing, I guess.