[LEDE-DEV] Proposal to sign all commits

David Lang david at lang.hm
Fri May 6 17:26:28 PDT 2016 

On Fri, 6 May 2016, Daniel Dickinson wrote:

> Hi David,
>
> One thing your suggestion does though, is mean that the initial commits
> are not created on the master branch (for which there are few
> committers), so the idea that signing all commits shouldn't be an issue
> because there are only a few special souls who create commits is not
> actually the case, and in fact most commits (except the merges) will be
> created by someone other than the merge masters.
>
> I think if this suggestion (or fast-forward only) is taken, then the
> requiring signing is more problematic because there will be a much wider
> group of people signing (everything except merge commits).

This gets back to the question about what we are trying to achieve by signing 
the commits.

If the purpose is to track who put what into the central tree, then having the 
merge masters sign the merge commits is useful, and not an imposition on people 
submitting patches. We also recognize that this is all the signature represents.

If the purpose is to track back to the originator of the patch, that's a 
different, and much more difficult situation.

> I think even with a large group of merge master, if pull requests are
> indeed planned as a means of making community participation easier, then
> requiring commits is counter-productive.

I think you mean signed commits

> In addition, it's not like pull requests should go directly into master
> anyway, but rather should be merged into a staging tree and only pulled
> into master once the person(s) responsible for giving the okay to the
> pull request have deemed it acceptable.
>
> This goes back to something I've said in other message, where I have
> suggested that it would be useful to have one or more
> experimental/testing branches where pull requests and patches could be
> more widely tested than an individual can do (in fact I'd argue that
> ideally *everyone* goes through some level of testing from someone other
> than themselves.

Ideally, but we need to recognize that we don't live in an ideal world :-)

David Lang

More information about the Lede-dev mailing list