On Sat, 4 Jul 2015 00:19:41 +0300 Andrew Savchenko <birc...@gentoo.org> wrote:
> Hi, > > On Fri, 3 Jul 2015 11:19:13 -0500 William Hubbs wrote: > > On Fri, Jul 03, 2015 at 06:34:41AM +0000, Robin H. Johnson wrote: > > > On Thu, Jul 02, 2015 at 09:46:18PM -0400, Brian Evans wrote: > > > > Does this mean that > > > > https://wiki.gentoo.org/wiki/Gentoo_git_workflow is no longer > > > > draft or needs work or another document is meant to display the > > > > new flow? > > > It does cover most of the things needed. > > > > > > It could use some revision regarding gkeys, and I'd like to also > > > mandate signed pushes in addition to signed commits. > > > > A push doesn't create any data, it just uploads it to the repo, so > > how do you sign a push? > > As I see from git docs only commits and tags may be signed. There > is no way to sign a push. Moreover there is no need to sign each > commit, see what Linux says on that: > http://git.661346.n2.nabble.com/GPG-signing-for-git-commit-td2582986.html > ... > > Best regards, > Andrew Savchenko Newer version(s) of git do have git push --sign capability. Sorry, I don't know the versions that it applies to. It was recently added as a feature. It also makes the push sig and data readily available for hook use. -- Brian Dolbec <dolsen>
