On 21 September 2014 09:18, hasufell <[email protected]> wrote: > I didn't see him saying that. It rather sounds like we want to have > thick signed Manifests and break pull requests and whatnot. >
Those aren't the only options. We could of course develop a custom commit signature system, either in the commit itself, or using a custom ref protocol. For instance, you could have an object in refs/signatures/<*> for every blob in the tree, signed by the person who created that blob. But you'd probably have to hook the git client somewhere low-level to make that option work, and that way, those refs could be pulled only by people who wanted them (Speed!), *and* they could be created after-the-fact. -- Kent *KENTNL* - https://metacpan.org/author/KENTNL
