Proposal to sign all commits
David Lang
david at lang.hm
Wed May 4 22:38:18 PDT 2016
On Thu, 5 May 2016, John Crispin wrote:
> On 04/05/2016 23:38, Kus wrote:
>> Greetings
>>
>> I'd like to propose that all commits (at least to master) going forward be signed with the commiter's gpg key.
>>
>> https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work
>>
>> Thoughts?
>
> we could do that. if you look at the keyring.git, you will see that we
> already asked those with commit access to submit their gpg keys.
At that point, all you are signing is who merged the work into the tree. That
doesn't give you any information about who created the work.
Is there enough value in this to be worth the hassle?
David Lang
More information about the Lede-dev
mailing list