Linus Torvalds wrote:
> On Sat, 4 Apr 2009, Chow Loong Jin wrote:
>
>> It crossed my mind that currently git commits cannot actually be
>> verified to be authentic, due to the fact that I can just set my
>> identity to be someone else, and then commit under their name.
>>
>
> You can't do that.
>
> Well, you can, but it's always going to be inferior to just adding a tag.
>
> The thing is, what is it you want to protect? The tree, the authorship,
> the committer info, the commit log, what?
> [...]
> Btw, there's a final reason, and probably the really real one. Signing
> each commit is totally stupid. It just means that you automate it, and you
> make the signature worth less. It also doesn't add any real value, since
> the way the git DAG-chain of SHA1's work, you only ever need _one_
> signature to make all the commits reachable from that one be effectively
> covered by that one. So signing each commit is simply missing the point.
>
> IOW, you don't _ever_ have a reason to sign anything but the "tip". The
> only exception is the "go back and re-sign", but that's the one that
> requires external signatures anyway.
>
> So be happy with 'git tag -s'. It really is the right way.
>
> Linus

I agree with these points - I'd just like to point you to the new
mirror-sync design document, under Documentation/git-mirror-sync.txt on
http://github.com/samv/git/tree/mirror-sync - and an implementation plan
outlined in Documentation/git-mirror-sync-impl.txt

This system allows for *pushes* to be signed and in general lays the
foundation for knowing that commits are authentic, without the intrusion
into the refs/tags/* space that making lots of signed tags would imply.

The idea is to put 'packed-refs' contents (or a moral equivalent) in tag
bodies. It is really a new type of object, but it's sufficiently similar
to a tag that I thought I'd just go with that design for now.
Anyway if you're curious take a look, otherwise wait for the formal
submission once I've got something better together...

Sam
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
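Linus's DAG argument above, as an added toy model that is not code from this thread or from git itself: commit ids are computed the way git hashes objects (so each id commits to its parent's id), a constructed HMAC key stands in for the GPG key behind 'git tag -s', and only single-parent commits are modelled. Trusting one signed tip id is enough to detect both an in-place identity edit on an ancestor and a consistently rewritten history.

```python
import hashlib
import hmac

SIGNING_KEY = b"constructed-demo-key"  # constructed; stands in for the tagger's GPG key

def git_object_id(kind: str, body: bytes) -> str:
    """SHA-1 computed the way git hashes objects: "<kind> <size>\\0" then the body."""
    return hashlib.sha1(f"{kind} {len(body)}\0".encode() + body).hexdigest()

def make_commit(tree: str, parent, author: str, message: str):
    """Return (id, body) for a single-parent commit object (parent may be None)."""
    lines = [f"tree {tree}"] + ([f"parent {parent}"] if parent else [])
    lines += [f"author {author}", f"committer {author}", "", message]
    body = "\n".join(lines).encode()
    return git_object_id("commit", body), body

def verify_chain(store: dict, tip: str) -> bool:
    """Walk first-parent links from the tip; each stored body must hash to its id.
    Trusting one tip id therefore covers every commit reachable from it."""
    cur = tip
    while cur is not None:
        body = store.get(cur)
        if body is None or git_object_id("commit", body) != cur:
            return False
        header = body.decode().split("\n\n", 1)[0].splitlines()
        parents = [h.split()[1] for h in header if h.startswith("parent ")]
        cur = parents[0] if parents else None
    return True

def sign_tip(tip: str) -> str:
    """Toy stand-in for 'git tag -s': an HMAC over the tip's object id."""
    return hmac.new(SIGNING_KEY, tip.encode(), "sha256").hexdigest()

def signed_history_ok(store: dict, tip: str, signature: str) -> bool:
    return hmac.compare_digest(sign_tip(tip), signature) and verify_chain(store, tip)

def demo():
    tree = "4b825dc642cb6eb9a060e54bf8d69288fbee4904"  # git's well-known empty-tree id
    alice = "Alice <alice@example.com> 1238800000 +0000"      # constructed identities
    mallory = "Mallory <mallory@example.com> 1238800000 +0000"
    c1, b1 = make_commit(tree, None, alice, "first")
    c2, b2 = make_commit(tree, c1, alice, "second")
    store, sig = {c1: b1, c2: b2}, sign_tip(c2)  # honest history, tip signed once
    # Case 1: the ancestor's identity is edited in place, so c1's body no longer hashes to c1.
    tampered = {c1: b1.replace(b"Alice", b"Mallory"), c2: b2}
    # Case 2: history is rewritten consistently; every id changes, so the tip no longer matches the signature.
    m1, mb1 = make_commit(tree, None, mallory, "first")
    m2, mb2 = make_commit(tree, m1, mallory, "second")
    rewritten = {m1: mb1, m2: mb2}
    return (signed_history_ok(store, c2, sig), signed_history_ok(tampered, c2, sig), signed_history_ok(rewritten, m2, sig))
```

`demo()` returns `(True, False, False)`: only the untouched history passes under the single tip signature.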