Proposal to sign all commits

David Lang david at lang.hm
Wed May 4 22:38:18 PDT 2016


On Thu, 5 May 2016, John Crispin wrote:

> On 04/05/2016 23:38, Kus wrote:
>> Greetings
>>
>> I'd like to propose that all commits (at least to master) going forward be signed with the commiter's gpg key.
>>
>> https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work
>>
>> Thoughts?
>
> we could do that. if you look at the keyring.git, you will see that we
> already asked those with commit access to submit their gpg keys.

At that point, all you are signing is who merged the work into the tree. That 
doesn't give you any information about who created the work.

Is there enough value in this to be worth the hassle?

David Lang



More information about the Lede-dev mailing list