The point of signing a tag is that now anyone who has your public key can prove that you have approved that particular commit as being that particular version of the program. If they happen to trust you as being the official source of releases for that package, then they know that they got an official version of that package, not some random version that might have been backdoored by an attacker or corrupted in transit.