Re: GPG signing for git commit? - Nguyen Thai Ngoc Duy

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Nguyen Thai Ngoc Duy <pclouds@gmail.com>
To: "Robin H. Johnson" <robbat2@gentoo.org>
Cc: Git Mailing List <git@vger.kernel.org>
Subject: Re: GPG signing for git commit?
Date: Mon, 11 May 2009 08:53:49 +1000	[thread overview]
Message-ID: <fcaeb9bf0905101553p56f5e8b2o6e6b550e9494b726@mail.gmail.com> (raw)
In-Reply-To: <robbat2.20090508T190254.538956494Z@orbis-terrarum.net>

On Sat, May 9, 2009 at 5:03 AM, Robin H. Johnson <robbat2@gentoo.org> wrote:
>> How about signing the tree SHA-1 and putting the signature in commit
>> message? It's like gpg way of saying Signed-off-by. If the committer
>> wants to sign again before pushing out, he could amend the commit,
>> append his signature there; or make a no-change commit to contain his
>> signature (probably from git-commit-tree because iirc git-commit won't
>> let you make no-change commit)
> Hmm, I like the sound of that, but I'm concerned it might be difficult
> to enforce. If rewrite-history ever happens, it's also invalidated.

Well if you rewrite and touch the trees, then every signature should
be invalidated anyway. If you only touch commit message, it should
remain valid because I only sign trees.
-- 
Duy

next prev parent reply	other threads:[~2009-05-10 22:54 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-04-03 21:25 GPG signing for git commit? Chow Loong Jin
2009-04-03 22:54 ` Linus Torvalds
2009-04-06  6:05   ` Sam Vilain
2009-04-15 18:55     ` Robin H. Johnson
2009-04-15 19:20       ` Shawn O. Pearce
2009-04-15 22:29         ` Robin H. Johnson
2009-04-16 14:27           ` Shawn O. Pearce
2009-04-17  3:42             ` Sitaram Chamarty
2009-04-17 12:01               ` Jeff King
2009-04-17 18:36                 ` Sitaram Chamarty
2009-04-21 20:27                   ` Jeff King
2009-05-07  5:30       ` Nguyen Thai Ngoc Duy
2009-05-08 19:03         ` Robin H. Johnson
2009-05-10 22:53           ` Nguyen Thai Ngoc Duy [this message]
2009-05-11 10:39             ` Nguyen Thai Ngoc Duy
2009-04-07 17:55   ` Jakub Narebski
2009-04-07 18:04     ` Linus Torvalds

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=fcaeb9bf0905101553p56f5e8b2o6e6b550e9494b726@mail.gmail.com \
    --to=pclouds@gmail.com \
    --cc=git@vger.kernel.org \
    --cc=robbat2@gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).