On Fri, Jun 26, 2015 at 9:44 AM, Pierre-Yves Chibon pingou@pingoured.fr wrote:
The risk is also ending up with a situation where a bunch of packages are using one approach, another bunch are doing something else, and yet a third bunch are doing yet another way because of x, y, z. Tags are a nice git features, but due to the nature of git itself, are a moving target. Relying on it is not a wise thing to do. You may understand the pros and cons, you may know that tags are moving target but do not forget that we have a lot of people in community, including packagers that are not developers. I think have one way of doing things and have this way be the most secure one is better than offering multiple options left at the discretion of people that may or may not have a deep understanding of the stake.
Git Tags are not a moving target. Just because some people are abusing them doesn't mean we ban that functionality. The Draft guideline addresses clearly what to do if you believe someone is engaging in re-tagging. The current guideline is silent.
As I mentioned previously, the commit hash is part of the generated archive. That information is never lost, regardless of what upstream does with the Git Tag.