On 6 July 2015 at 08:01, William Hubbs <willi...@gentoo.org> wrote: > Once we have a version of git stable that allows this, can someone fill > me in on why we would need to sign commits if we sign pushes? If we have > a signature on the push, we know where that came from, so it seems to be > overkill to sign the commits as well.
The TL;DR of "why" though is basically: It allows a verifiable record of which user set BRANCH/$ID to == $COMMITSHA1. That is all. It doesn't verify the commits themselves, only where they are visible. ( ie: so if there's experimental dangerous stuff in a side branch, a malicious dev can't point master to there and blame the person with the signed commit for breaking the tree ) I noted that even though I can sign pushes now, upon experimentation I found the server couldn't respond to signed pushes. Seems you need to upgrade git on the receiving side *first* to make the feature even an optional thing. ( Github for instance does not support signed pushes yet either ). So we'd have to get it "working" in an optional state long before we could get it to be mandatory. -- Kent KENTNL - https://metacpan.org/author/KENTNL
