This is a followup to ๐ Define conventions around drupal core git interaction Closed: outdated . In that issue, marvil07 suggest that Drupal use gpg-signed git annotated tags.
From the Issue Summary of the other issue:
Git provides two types of tags: simple and annotated, the last one can also be gpg-signed.
Currently we are using simple tags.
Annotated gpg-signed tags are usually the recommended for real release tags, mainly for verification.
Should we start using gpg-signed annotated tags?
Discuss and decide if annotated tags should be used.