Proposal to sign all commits
David Lang
david at lang.hm
Wed May 4 17:27:15 PDT 2016
On Wed, 4 May 2016, Kus wrote:
>
> I'd like to propose that all commits (at least to master) going forward be signed with the committer's gpg key.
>
> https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work
>
> Thoughts?

Other than the possible idea that you can know if a commit was created by the
same person who created another commit with the same signature, how are you
going to validate the signatures?

Who would issue the certs?

How do you handle signatures on a patch that requires changes before it's
merged?

How do you handle signatures on a patch that arrives via e-mail?

In other words, would this really be able to cover all commits without having
people sign for other people's work? If it can't, what do the signatures
actually tell you?

David Lang