The discussion in the "Re: [git patches] libata updates, GPG signed (but see admin notes)" thread on the git mailing list is ongoing, but partial solutions that actually got implemented and have a good chance to be accepted are:
* Signing commits (signature is hidden in commit object header, and stripped e.g. on rebase or amend)
* Pulling signed tags, with merge and editing of its commit message enforced, and with saving the whole tag in commit object header for merge commit. Using "git pull <URL> <tag>" won't result in creating a new tag reference.
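An added example, not part of the comment above or of git's own code: a parser for a raw commit object that separates the signature header from the bytes it covers, which shows why a rewritten commit (a new object written without that header) carries no signature. It assumes the header name `gpgsig` that git uses today, which the comment does not name; the sample commit and its ids are constructed.

```python
# Added example: split a raw git commit object into headers and message,
# then separate the embedded signature from the payload it covers.

# Constructed sample commit (placeholder ids and signature, not real data).
SAMPLE = (
    b"tree 1111111111111111111111111111111111111111\n"
    b"parent 2222222222222222222222222222222222222222\n"
    b"author A Dev <dev@example.org> 1321000000 +0000\n"
    b"committer A Dev <dev@example.org> 1321000000 +0000\n"
    b"gpgsig -----BEGIN PGP SIGNATURE-----\n"
    b" \n"
    b" PLACEHOLDERSIGNATUREDATA\n"
    b" -----END PGP SIGNATURE-----\n"
    b"\n"
    b"Fix the frobnicator\n"
)

def parse_commit(raw):
    """Return (headers, message); headers is a list of (name, value)."""
    head, _, message = raw.partition(b"\n\n")
    headers = []
    for line in head.split(b"\n"):
        if line.startswith(b" ") and headers:
            # Continuation line: a leading space marks a multi-line value
            # (used for the signature block in this sample).
            name, value = headers[-1]
            headers[-1] = (name, value + b"\n" + line[1:])
        else:
            name, _, value = line.partition(b" ")
            headers.append((name, value))
    return headers, message

def split_signature(raw):
    """Return (signature or None, payload the signature is computed over)."""
    headers, message = parse_commit(raw)
    sig, kept = None, []
    for name, value in headers:
        if name == b"gpgsig":  # assumed header name, see lead-in
            sig = value
        else:
            # Re-encode multi-line values with the leading-space rule.
            kept.append(name + b" " + value.replace(b"\n", b"\n "))
    return sig, b"\n".join(kept) + b"\n\n" + message

if __name__ == "__main__":
    sig, payload = split_signature(SAMPLE)
    print("signed:", sig is not None)
    print(payload.decode())
```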
Posted Nov 12, 2011 13:07 UTC (Sat) by dmag (subscriber, #17775)
> * Signing commits (signature is hidden in commit object header
One problem is that some people don't have/want their signing keys available all the time. I.e. they want commits to be lightweight, because signing them is heavy (may require another computer, or at least extra passwords.)