On Sat, Aug 23, 2014 at 8:17 AM, Troy Benjegerdes <ho...@hozed.org> wrote: > On Fri, Aug 22, 2014 at 09:20:11PM +0200, xor wrote: >> On Tuesday, August 19, 2014 08:02:37 AM Jeff Garzik wrote: >> > It would be nice if the issues and git repo for Bitcoin Core were not >> > on such a centralized service as github, nice and convenient as it is. >> >> Assuming there is a problem with that usually is caused by using Git the >> wrong >> way or not knowing its capabilities. Nobody can modify / insert a commit >> before a GnuPG signed commit / tag without breaking the signature. >> More detail at the bottom at [1], I am sparing you this here because I >> suspect >> you already know it and there is something more important I want to stress:
Note that we're generally aiming (though not yet enforcing) to have merges done through the github-merge tool, which performs the merge locally, shows the resulting diff, compares it with the merge done by github, and GnuPG signs it. That allows using github as easy-access mechanism for people to contribute and inspect, while having a higher security standard for the actual changes done to master. -- Pieter ------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/ _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
