But of course you also want to be real careful about authenticating them (a signed tag in Git can serve that purpose).