Re: [PATCH v3 5/5] fast-import: add '--signed-tags=<mode>' option

[Junio C Hamano <gitster@pobox.com>]

Elijah Newren <newren@gmail.com> writes:

>> +--signed-tags=(verbatim|warn-verbatim|warn-strip|strip|abort)::
>> +       Specify how to handle signed tags.  Behaves in the same way
>> +       as the same option in linkgit:git-fast-export[1], except that
>> +       default is 'verbatim' (instead of 'abort').
>
> Sorry for not catching this earlier with the --signed-commits series
> (was otherwise occupied), but this worries me.  If we ship with this
> as the default, people will come to depend upon it, and I think it's a
> bad long term default.  Long term, we'd want to check if the
> signatures are valid and keep if so and do something else if not (e.g.
> re-sign or abort or strip).  Maybe verbatim is better than abort out
> of the options you've implemented so far, but I think setting the
> default now to verbatim means people start depending on it and we
> cannot change it later.  Could we change to 'abort', for both this and
> --signed-commits, before the 2.52 release, and then re-discuss once
> you have the other options implemented?

Isn't this series a response to the "we only copy verbatim and there
is no other choice", which we had from the beginning of fast import
& export?  If we knew better, we may have made it abort when we did
the fast import & export, but we cannot go back and change it, and
we cannot change the default with this series without disrupting the
users, so the next best thing is to make it configurable, which is
the point of this series (and the other one), no?