在git中标记标签有什么意义? [英] What is the point in signing tags in git?

问题描述

我在git中还很陌生，我已经知道可以使用gpg对标签进行签名.我了解公钥密码术的工作原理，并且了解如何对标签进行签名，但是这样做有什么意义呢?

I am quite new in git, and I have seen that it is possible to sign the tags with gpg. I understand how public key cryptography works, and I understand how to do sign the tags, but what is the point in doing it?

推荐答案

对标签进行签名的要点是，现在拥有您的公钥的任何人都可以证明您已将该特定提交批准为该程序的特定版本.如果他们碰巧相信您是该软件包的正式发布源，那么他们知道他们得到了该软件包的正式版本，而不是一些可能被攻击者后门或在运输途中损坏的随机版本.

The point of signing a tag is that now anyone who has your public key can prove that you have approved that particular commit as being that particular version of the program. If they happen to trust you as being the official source of releases for that package, then they know that they got an official version of that package, not some random version that might have been backdoored by an attacker or corrupted in transit.

这篇关于在git中标记标签有什么意义?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！