From: Michael J Gruber <git@drmicha.warpmail.net>
To: Git Mailing List <git@vger.kernel.org>
Cc: "Robin H. Johnson" <robbat2@gentoo.org>,
	Junio C Hamano <gitster@pobox.com>
Subject: Re: [PATCH] commit: teach --gpg-sign option
Date: Fri, 07 Oct 2011 10:40:30 +0200
Message-ID: <4E8EBAFE.8020805@drmicha.warpmail.net>
In-Reply-To: <robbat2-20111006T221637-481195848Z@orbis-terrarum.net>

[readding JCH to cc whom you dropped]
Robin H. Johnson venit, vidit, dixit 07.10.2011 00:24:
> On Wed, Oct 05, 2011 at 05:56:55PM -0700,  Junio C Hamano wrote:
>> And this uses the gpg-interface.[ch] to allow signing the commit, i.e.
>>
>>     $ git commit --gpg-sign -m foo
>>     You need a passphrase to unlock the secret key for
>>     user: "Junio C Hamano <gitster@pobox.com>"
>>     4096-bit RSA key, ID 96AFE6CB, created 2011-10-03 (main key ID 713660A7)
>>
>>     [master 8457d13] foo
>>      1 files changed, 1 insertions(+), 0 deletions(-)
> I like it, but I have a couple of questions: 
> 1. Are the sig lines used in computed SHA1/commitid of a given commit (I
>    see examples w/ --amend and that would usually change the SHA1)?

Yes, just like with tag objects.

> 2. Can we allow more than one person to sign a commit?

I don't think we support it now (tags) but we could allow concatenating
signatures since they are detached.

There's a somewhat delicate issue here: The signature (tag/commit) is a
signature on the contents of the object, and is itself not part of the
contents (or else we would have a chicken-egg-problem).

The sha1 of the object is determined by the content+header, i.e.
including the signature.

So, by adding a signature, you change the sha1, but any existing
signature remains valid.

This is also how you can try to achieve a specific sha1 for a given
object content...

> 3. If I have prepared a series on a local branch, and I want to sign all
>    of them, is this a variant of rebase or?

If you really want to sign all you can rebase-i and use "exec" to do
that automatically, but there's no point: signing the top-most commit
serves the same purpose.

> I think this isn't a replacement for push certificates, but has value in
> itself. It certainly provides better integration than the
> signature-in-note variants.
> 

I do think it's meant as an implementation of push certificates. I don't
see any other value in it which could not be achieved by signed tags.
Can you describe any?

Michael
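
The distinction drawn in the reply above (signature computed over the object content, object name computed over content plus the signature header), as an added example that is not part of the original message or the patch. It assumes a single-line `gpgsig` header as in current Git, uses HMAC-SHA256 as an offline stand-in for a GPG signature, and works on a constructed commit; stacking two signature headers models the idea floated in the thread, not Git's behaviour.

```python
import hashlib
import hmac

HEADER = b"gpgsig"  # assumption: header name used by current Git, not taken from this thread

def git_object_id(obj_type, body):
    """Object name = SHA-1 over '<type> <size>\\0' + body (headers, signature and all)."""
    return hashlib.sha1(f"{obj_type} {len(body)}".encode() + b"\0" + body).hexdigest()

def toy_sign(key, payload):
    """Stand-in for a detached GPG signature: HMAC-SHA256, used only to keep this offline."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest().encode()

def embed_signature(body, sig):
    """Add the signature as one more header line, before the blank line ending the headers."""
    head, sep, message = body.partition(b"\n\n")
    return head + b"\n" + HEADER + b" " + sig + sep + message

def split_signatures(body):
    """Return (payload with signature headers removed, list of embedded signatures)."""
    head, sep, message = body.partition(b"\n\n")
    kept, sigs = [], []
    for line in head.split(b"\n"):
        if line.startswith(HEADER + b" "):
            sigs.append(line[len(HEADER) + 1:])
        else:
            kept.append(line)
    return b"\n".join(kept) + sep + message, sigs

def verify(key, body):
    """A signature is checked against the payload only, never against the object id."""
    payload, sigs = split_signatures(body)
    return any(hmac.compare_digest(toy_sign(key, payload), s) for s in sigs)

# Constructed sample commit (empty tree, made-up identity and timestamp).
PAYLOAD = (b"tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904\n"
           b"author A U Thor <author@example.com> 1317976830 +0200\n"
           b"committer A U Thor <author@example.com> 1317976830 +0200\n"
           b"\nfoo\n")

if __name__ == "__main__":
    one = embed_signature(PAYLOAD, toy_sign(b"key-a", PAYLOAD))
    two = embed_signature(one, toy_sign(b"key-b", PAYLOAD))  # second signer, same payload
    for name, body in (("unsigned", PAYLOAD), ("one sig", one), ("two sigs", two)):
        print(name, git_object_id("commit", body), verify(b"key-a", body))
```

Each of the three objects gets a different name, while the first signature keeps verifying after the second is added because both cover the same stripped payload.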
