Proposal to sign all commits

David Lang david at lang.hm
Thu May 5 11:00:17 PDT 2016


On Thu, 5 May 2016, Matthias Schiffer wrote:

> On 05/05/2016 07:43 PM, David Lang wrote:
>> On Thu, 5 May 2016, Ben Greear wrote:
>>
>>> On 05/05/2016 07:30 AM, Kus wrote:
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA512
>>>>
>>>> Hi Ben,
>>>>
>>>> Just to be clear. We're talking about signing git commits, not emails. I
>>>> apologize for my ugly emails though.
>>>
>>> I don't want to sign those either.  Signed-off-by and the actual code to
>>> read (and revert if needed) is plenty.  If there is a goal to allow more
>>> easy access to be a contributor, then making someone figure out how to
>>> sign commits is surely going the wrong direction.
>>
>> Also, wouldn't signed commits prevent adding reviewd-by, acked-by, etc tags
>> to the commit message?
>>
>> David Lang
>
> As I understand git's commit signing feature, the signature is something
> that is added by the committer, not the author. This means:
>
> - the format-patch/send-email format does *not* contain a signature
> - reviewed-by etc. can be added like before
> - signatures are added by those with push access during commit, rebase, am,
> ... commands

correct, but if you do a pull request/merge, the person creating the commit 
message isn't the person doing the merge, it's the person who created the commit 
initially.

you could put reviewed-by etc in the merge message, but I don't think that's 
nearly as useful as putting it in the actual commit messages.

David Lang

> I like the idea of signing all commits (my commits are already signed by
> default.)
>
> Matthias
>
>



More information about the Lede-dev mailing list