Jeff King writes:
> First off, I agree that "verify-tag" is probably not the right place.
> There _is_ no tag object to verify anymore (the only reason it is a tag
> at all is that the signature came out of what once was a tag).
Yes, if we imagine that the header were called "mergesig", it may b
On Fri, Jun 27, 2014 at 11:36:47AM -0700, Junio C Hamano wrote:
> Michael J Gruber writes:
>
> > A merge commit with embedded signed tag it is, then.
> >
> > The commit could carry it's own commit signature, couldn't it?
>
> Yes, an integrator can choose to sign a merge he creates, merging
> th
Michael J Gruber writes:
> ... or an extension ^{mergetag} to our machinery, defaulting to the
> tag object containing the mergetag for the 2nd parent, with an optional
> version ^{mergetag}?
One thing you should not forget is that with mergetag, the original
tag object is not even necessary to
Michael J Gruber writes:
> A merge commit with embedded signed tag it is, then.
>
> The commit could carry it's own commit signature, couldn't it?
Yes, an integrator can choose to sign a merge he creates, merging
the work by a contributor who gave him a pull-request for a tag
signed by the contr
Michael J Gruber venit, vidit, dixit 27.06.2014 14:49:
> Michael J Gruber venit, vidit, dixit 27.06.2014 14:31:
>> Jeff King venit, vidit, dixit 16.06.2014 22:39:
>>> On Mon, Jun 16, 2014 at 01:34:20PM -0700, Junio C Hamano wrote:
>>>
> Your middle example above did make me think of one other t
Michael J Gruber venit, vidit, dixit 27.06.2014 14:49:
> Michael J Gruber venit, vidit, dixit 27.06.2014 14:31:
>> Jeff King venit, vidit, dixit 16.06.2014 22:39:
>>> On Mon, Jun 16, 2014 at 01:34:20PM -0700, Junio C Hamano wrote:
>>>
> Your middle example above did make me think of one other t
Michael J Gruber venit, vidit, dixit 27.06.2014 14:31:
> Jeff King venit, vidit, dixit 16.06.2014 22:39:
>> On Mon, Jun 16, 2014 at 01:34:20PM -0700, Junio C Hamano wrote:
>>
Your middle example above did make me think of one other thing, though.
As you noted, we actually have _three_ sig
Jeff King venit, vidit, dixit 16.06.2014 22:39:
> On Mon, Jun 16, 2014 at 01:34:20PM -0700, Junio C Hamano wrote:
>
>>> Your middle example above did make me think of one other thing, though.
>>> As you noted, we actually have _three_ signature types:
>>>
>>> 1. signed tags
>>>
>>> 2. signed c
On Mon, Jun 16, 2014 at 01:34:20PM -0700, Junio C Hamano wrote:
> > Your middle example above did make me think of one other thing, though.
> > As you noted, we actually have _three_ signature types:
> >
> > 1. signed tags
> >
> > 2. signed commits
> >
> > 3. merges with embedded mergetag he
Jeff King writes:
> On Fri, Jun 13, 2014 at 10:06:10AM -0700, Junio C Hamano wrote:
> ...
>> and more, perhaps?
>
> That is certainly the direction I was thinking of when I suggested "git
> verify".
>
> However, I do not think it is too bad a thing to add a verify-commit
> that matches verify-tag
On Fri, Jun 13, 2014 at 10:06:10AM -0700, Junio C Hamano wrote:
> Jeff King writes:
>
> > I realize this isn't really your itch to scratch. It's just that when I
> > see a description like "verify a commit", I wonder what exactly "verify"
> > means.
>
> I think that is an important point. If a
Junio C Hamano venit, vidit, dixit 13.06.2014 19:06:
> Jeff King writes:
>
>> I realize this isn't really your itch to scratch. It's just that when I
>> see a description like "verify a commit", I wonder what exactly "verify"
>> means.
>
> I think that is an important point. If a tool only veri
Jeff King writes:
> I realize this isn't really your itch to scratch. It's just that when I
> see a description like "verify a commit", I wonder what exactly "verify"
> means.
I think that is an important point. If a tool only verifies the
signature of the commit when conceivably other aspect o
On Fri, Jun 13, 2014 at 11:55:22AM +0200, Michael J Gruber wrote:
> > Did you give any thought to just having a "git verify" command, instead
> > of separate tag/verify commands?
>
> Yes. (mathematician's answer)
Cute.
> You know not only the outcome but also why I refrained from doing so:
> co
Jeff King venit, vidit, dixit 13.06.2014 10:02:
> On Fri, Jun 06, 2014 at 04:15:28PM +0200, Michael J Gruber wrote:
>
>> Commit signatures can be verified using "git show -s --show-signature"
>> or the "%G?" pretty format and parsing the output, which is well suited
>> for user inspection, but not
On Fri, Jun 06, 2014 at 04:15:28PM +0200, Michael J Gruber wrote:
> Commit signatures can be verified using "git show -s --show-signature"
> or the "%G?" pretty format and parsing the output, which is well suited
> for user inspection, but not for scripting.
>
> Provide a command "verify-commit"
On 6. Juni 2014 16:15:28 MESZ, Michael J Gruber
wrote:
>Commit signatures can be verified using "git show -s --show-signature"
>or the "%G?" pretty format and parsing the output, which is well suited
>for user inspection, but not for scripting.
>
>Provide a command "verify-commit" which is anal
Commit signatures can be verified using "git show -s --show-signature"
or the "%G?" pretty format and parsing the output, which is well suited
for user inspection, but not for scripting.
Provide a command "verify-commit" which is analogous to "verify-tag": It
returns 0 for good signatures and non-
18 matches
Mail list logo
