From: "Robin H. Johnson" <robbat2@gentoo.org>
To: Git Mailing List <git@vger.kernel.org>
Subject: Re: GPG signing for git commit?
Date: Wed, 15 Apr 2009 11:55:54 -0700 [thread overview]
Message-ID: <20090415185554.GG23644@curie-int> (raw)
In-Reply-To: <49D99BB2.2090906@vilain.net>
[-- Attachment #1: Type: text/plain, Size: 1454 bytes --]
On Mon, Apr 06, 2009 at 06:05:38PM +1200, Sam Vilain wrote:
> This system allows for *pushes* to be signed and in general laying the
> foundation for knowing that commits are authentic without the intrusion
> into the refs/tags/* space that making lots of signed tags would imply.
I'm on the lookout for something similar, so that we can be sure who
introduced some change into the central repo.
One of the spots that we're looking for in this, is a model something
like what follows. Firstly, a "proxy maintainer" (PM) is a developer
with commit rights to the central repo, that's willing to proxy commits
by an outside source for some specific package. Think of them as the
kernel subsystem maintainer, but many more of them. The PM is still
expected to verify the work before passing it on the central repo.
So we have a commit with author+committer being the outside source, and
now we want to record (in an easily reviewable fashion) that a specific
changeset was introduced to the central tree by the PM.
Not sure of the best route to trace this data. Signing the SHA1 makes
the most sense, but need to be able to do that without polluting the tag
namespace.
If the changeset does not have an associated signature, we'd like to
reject it at the central repo.
--
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail : robbat2@gentoo.org
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
[-- Attachment #2: Type: application/pgp-signature, Size: 330 bytes --]
next prev parent reply other threads:[~2009-04-15 18:57 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-04-03 21:25 GPG signing for git commit? Chow Loong Jin
2009-04-03 22:54 ` Linus Torvalds
2009-04-06 6:05 ` Sam Vilain
2009-04-15 18:55 ` Robin H. Johnson [this message]
2009-04-15 19:20 ` Shawn O. Pearce
2009-04-15 22:29 ` Robin H. Johnson
2009-04-16 14:27 ` Shawn O. Pearce
2009-04-17 3:42 ` Sitaram Chamarty
2009-04-17 12:01 ` Jeff King
2009-04-17 18:36 ` Sitaram Chamarty
2009-04-21 20:27 ` Jeff King
2009-05-07 5:30 ` Nguyen Thai Ngoc Duy
2009-05-08 19:03 ` Robin H. Johnson
2009-05-10 22:53 ` Nguyen Thai Ngoc Duy
2009-05-11 10:39 ` Nguyen Thai Ngoc Duy
2009-04-07 17:55 ` Jakub Narebski
2009-04-07 18:04 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090415185554.GG23644@curie-int \
--to=robbat2@gentoo.org \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).