Attestation for kernel patches

Posted Mar 2, 2020 23:47 UTC (Mon) by flussence (guest, #85566)
Parent article: Attestation for kernel patches

Wouldn't it be easier to make existing commit.gpgSign signatures round-trip through format-patch? There's plenty of space under the "--\n$gitversion" signature for an actual signature.

Attestation for kernel patches

Posted Mar 3, 2020 4:12 UTC (Tue) by logang (subscriber, #127618) [Link]

I would definitley prefer something like that.

My git configuration already signs every commit with my key from a smart card and it's a shame that the send-email flow loses that information.

Attestation for kernel patches

Posted Mar 3, 2020 4:19 UTC (Tue) by qyliss (subscriber, #131684) [Link]

I believe that those signatures include, for example, the parent and the committer. Not all that information is preserved through format-patch, and nor would it necessarily be desirable for it to be.

Attestation for kernel patches

Posted Mar 5, 2020 12:02 UTC (Thu) by atnot (subscriber, #124910) [Link]

One problem with this is the immense size and overhead of pgp signatures, which makes them kind of impractical to use. Modern tools like minisign generate signatures that are small enough to fit on one line. However, I'm afraid many people unfortunately won't switch away from pgp very soon.

Attestation for kernel patches

Posted Mar 12, 2020 3:52 UTC (Thu) by OrbatuThyanD (guest, #114326) [Link] (1 responses)

honestly, gpg needs to be replaced as the default signing mechanism for git patches.

git needs alternatives, stat. gpg needs to be allowed to die.

Attestation for kernel patches

Posted Mar 13, 2020 3:43 UTC (Fri) by flussence (guest, #85566) [Link]

I don't disagree. At least the existing GPG support can be a set-and-forget affair; what's being proposed here looks very manual and limited to one specific workflow.