Proposal to sign all commits
Kus
kushaldeveloper at gmail.com
Thu May 5 07:06:39 PDT 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
My original thought was to allow us to grant many people commit access.
Signing commits won't solve everything. There are other, arguably more important things, to do like code reviews and automated unit as well as device tests as well as manual tests (as we're talking about in another thread).
I think if we can just sign all commits to master, I think it will still be a win.
I like the idea of a web of trust and I think it can work in conjunction with signed commits. I believe all of these things will fall in place if we as a team commit to never rewriting history once we've published something publicly. (:
-----BEGIN PGP SIGNATURE-----
Version: APG v1.1.1
iQJRBAEBCgA7BQJXK1NvNBxLdXNoYWwgSGFkYSAoZGV2ZWxvcGVyKSA8a3VzaGFs
ZGV2ZWxvcGVyQGdtYWlsLmNvbT4ACgkQJsInd2b1xmP+/w//UpDyMTlEvtIXpY4o
pL777/sm9DzTSxgcjlE755rz+Wb5vD5o4g2ip/Glhu4LfGdc8RuoMvW2G8jwdx6b
4lbj7MS+IaoYCV4UXtvCVrMDTsJiwcIc0BWWJHphPlpJgLUiPJp6yCN5SAlB3bnY
8vaUJNz6H23BRL9lA7eZrj3o7pdouGDexzEJq5anwLITsgwGGmFvA+Ngvhgpa9Wi
qYp2ei/yjCckTMvASyydCii7+RQcZ9PLUEBbEJ+DhAz6xQI8t7VWISAFmDV7kFFz
i3fIpLDXSbd2md47wxRWGd7BX5mKczBuv+1E+C7wCzIJgxOH4+6qJqUjpm4QZGhL
R0vhbzjJRn97wDujo0hHrp5tYjfpz+/UI8FOdSD4W62ImbUGzKue07FGAE96xOnl
iHiMthxU6Sb6pvmFnQ7ehljJwzy9wJFQ3zR0Lt3Do/McaKyQRWl6Uw1qD75gcQNf
Jm6DOwdyEbLuIFqGJY3MATjcgPuhkapXjB/sOce21q8KfSqRT/J/IhXJ3W9VQIbU
2f021cDGqc9KRpsVLmJHbT5zXiTr9toDlq3yDSVtpow9ESTdY38vxuLi2t/2k8eO
4SINj+QnEpaZemMlyfa0wCbjezYr3b4hcMxiAf5gPCYfbSF9tTW3Utc6oHUJPEmB
Qvx8IKMwws7kOP7n9TfW3fvjW2M=
=nmKw
-----END PGP SIGNATURE-----
More information about the Lede-dev
mailing list