On Fri, Jun 26, 2015 at 9:44 AM, Pierre-Yves Chibon <pingou@pingoured.fr> wrote:

The risk is also ending up with a situation where a bunch of packages are using
one approach, another bunch are doing something else, and yet a third bunch are
doing yet another way because of x, y, z.
Tags are a nice git features, but due to the nature of git itself, are a moving
target.
Relying on it is not a wise thing to do.
You may understand the pros and cons, you may know that tags are moving target
but do not forget that we have a lot of people in community, including packagers
that are not developers. I think have one way of doing things and have this way
be the most secure one is better than offering multiple options left at the
discretion of people that may or may not have a deep understanding of the stake.

Git Tags are not a moving target. Just because some people are abusing them doesn't

mean we ban that functionality. The Draft guideline addresses clearly what to do if you

believe someone is engaging in re-tagging. The current guideline is silent.

As I mentioned previously, the commit hash is part of the generated archive. That information

is never lost, regardless of what upstream does with the Git Tag.