From: Junio C Hamano <gitster@pobox.com>
To: "brian m. carlson" <sandals@crustytoothpaste.net>
Cc: git@vger.kernel.org
Subject: Re: How to gpg signed email patches?
Date: Mon, 14 Apr 2025 12:12:17 -0700 [thread overview]
Message-ID: <xmqqa58ir20e.fsf@gitster.g> (raw)
In-Reply-To: <Z_xAOmQm0e_WE2Dd@tapette.crustytoothpaste.net> (brian m. carlson's message of "Sun, 13 Apr 2025 22:52:42 +0000")
"brian m. carlson" <sandals@crustytoothpaste.net> writes:
> I know that Git definitely does not know how to verify those signatures,
> though, so many people would end up not verifying them.
True that many people would end up not verifying them, but I do not
think Git has much to do with that.
Some contributors seem to send PGP signed patches to this list (and
I once mildly asked them not to, but these days I simply do not
care), and if I had their public keys marked as trusted, my
mail-reading environment would do the verification for me totally
outside Git (as this part of the workflow is not about Git, but
about communicating over authenticated and cryptographically
protected messages, whose contents happen to be patches), and I'll
just "git am" knowing that the patch is from the contributor who has
access to that trusted key.
The "key" (no pun intended) in the above is "if I had" part. The
overhead of retrieving, validating, and keeping the key for a
contributor becomes worth it only after the contributor turns out to
be very prolific one. The Web of trust, while was very attractive
as a concept, is not so convenient to maintain well enough to be
relied on as an infrastructure.
next prev parent reply other threads:[~2025-04-14 19:12 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-13 19:17 How to gpg signed email patches? Klaus Frank
2025-04-13 22:21 ` Matt Hunter
2025-04-13 23:12 ` Klaus Frank
2025-04-14 16:34 ` Junio C Hamano
2025-04-13 22:52 ` brian m. carlson
2025-04-14 0:23 ` Klaus Frank
2025-04-14 0:48 ` brian m. carlson
2025-04-14 19:12 ` Junio C Hamano [this message]
2025-04-14 1:34 ` Konstantin Ryabitsev
2025-04-14 15:14 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqa58ir20e.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).