User: Password:
|
|
Subscribe / Log in / New account

Solutions: signing commits, pulling signed tags

Solutions: signing commits, pulling signed tags

Posted Nov 11, 2011 11:37 UTC (Fri) by jnareb (subscriber, #46500)
Parent article: Authenticating Git pull requests

The discussion in the "Re: [git patches] libata updates, GPG signed (but see admin notes)" thread on git mailing list is ongoing, but partial solutions that actually got implemented and have good chance to be accepted are:

* Signing commits (signature is hidden in commit object header, and stripped e.g. on rebase or amend)

* Puling signed tags, with merge and editing of its commit message enforced, and with saving the whole tag in commit object header for merge commit. Using "git pull <URL> <tag>" won't result in creating a new tag reference.


(Log in to post comments)

Solutions: signing commits, pulling signed tags

Posted Nov 12, 2011 13:07 UTC (Sat) by dmag (guest, #17775) [Link]

> * Signing commits (signature is hidden in commit object header

One problem is that some people don't have/want their signing keys available all the time. I.e. they want commits to be lightweight, because signing them is heavy (may require another computer, or at least extra passwords.)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds