Problem/Motivation
This is a followup to #1583840: Define conventions around drupal core git interaction. In that issue, marvil07 suggest that Drupal use gpg-signed git annotated tags.
From the Issue Summary of the other issue:
Git provides two types of tags: simple and annotated, the last one can also be gpg-signed.
Currently we are using simple tags.
Annotated gpg-signed tags are usually the recommended for real release tags, mainly for verification.
Should we start using gpg-signed annotated tags?
Steps to reproduce
Proposed resolution
Remaining tasks
Discuss and decide if annotated tags should be used.