Proposal to sign all commits

John Crispin john at phrozen.org
Wed May 4 23:54:37 PDT 2016 


On 05/05/2016 08:42, David Lang wrote:
> On Thu, 5 May 2016, John Crispin wrote:
> 
>> On 05/05/2016 07:38, David Lang wrote:
>>> On Thu, 5 May 2016, John Crispin wrote:
>>>
>>>> On 04/05/2016 23:38, Kus wrote:
>>>>> Greetings
>>>>>
>>>>> I'd like to propose that all commits (at least to master) going
>>>>> forward be signed with the commiter's gpg key.
>>>>>
>>>>> https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work
>>>>>
>>>>> Thoughts?
>>>>
>>>> we could do that. if you look at the keyring.git, you will see that we
>>>> already asked those with commit access to submit their gpg keys.
>>>
>>> At that point, all you are signing is who merged the work into the tree.
>>> That doesn't give you any information about who created the work.
>>
>> that is not what i meant. i would like to encourage people sending
>> patches or PRs to sign those if that is possible.
>>
>>> Is there enough value in this to be worth the hassle?
>>
>> to my understanding this can be automated using git.
> 
> Kus and I had an exchange that ended up going off-list, apologies if I
> duplicate things that made it to the list.
> 
> Is it acceptable to only have some commits signed and not all?

i would think so. would not want to impose either or on people.

> while git automates the signing after it's all setup, that setup still
> needs to be done.

as with anything related to computers, its an inherent thing related to
technology.


> Given the lack of any real ability to tie an online name to a physical
> person, what is the value of signing? If it is valuable, why do you
> allow anything not to be signed?

same concept as self signed ssl certificates. i think the buzzword here
is "opportunistic". although computers are binary there are thing in
this world that are not.

> how do you handle things via e-mail where the signature either doesn't
> exist or can't be transferred?

this would mainly apply to PRs

> how do you handle cases where the maintainer needs to fix a merge or
> otherwise tweak the submission?

ideally we dont need to tweak commits

> Other than as a gee-wiz we-can-do-that, what's the actual value provided
> by the signatures?

i dont plan to get into a discussion about why signing and crypto in
general is useful.

apart from that, its a feature widely adopted by others, git does not
have these features for sake of code bloat and people are asking for it
so i believe it is worth considering.

	John

More information about the Lede-dev mailing list