[RFC} Freezing upstream tags for reproducibility

Paul Sherwood paul.sherwood at codethink.co.uk
Mon Sep 15 13:18:53 BST 2014

Hi all
in a previous thread [1] we discussed issues around consuming upstream tags.

I think my proposal
(baserock-<upstream-tag>-<short-sha-of-upstream-commit>) was defensible,
and better from a usability point of view than what we're currently
doing, but so far we haven't adopted the practice of locking our own tags.

Over the weekend another possibility sprang to mind: could we manage our
git repos so as to guarantee integrity of upstream tags?

In other words, we somehow ensure that no (published) tag is ever
deleted or changed. This would mean we could directly use (locked) tags
in our ref: fields, which would be much nicer from a user standpoint.

- maybe lorry could bounce and any attempt to change/delete by an upstream?
- maybe gitano could bounce and report any attempt to change/delete by a
- maybe tags would only become set-in-stone after a cooling off period
of weeks/months (to allow for fixing mistakes)?
- and/or maybe we just keep a separate list of tags and their refs for
all the upstreams we care about, just in case, and report any
differences the moment they happen?
- maybe we could/should campaign to establish 'tags are forever' with
the git community and wider upstream?



Paul Sherwood                                            Codethink Ltd.
Tel: +44 788 798 4900                    302 Ducie House, Ducie Street,
http://www.codethink.co.uk/         Manchester, M1 2JW, United Kingdom.

Codethink provides advanced software design, development, integration &
test services: from embedded systems to high performance apps to cloud.

More information about the baserock-dev mailing list