Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> writes:

> On Sat, 4 Apr 2009, Chow Loong Jin wrote:
> >
> > It crossed my mind that currently git commits cannot actually be
> > verified to be authentic, due to the fact that I can just set my
> > identity to be someone else, and then commit under their name.
[...]
> Btw, there's a final reason, and probably the really real one. Signing
> each commit is totally stupid. It just means that you automate it, and you
> make the signature worth less. It also doesn't add any real value, since
> the way the git DAG-chain of SHA1's work, you only ever need _one_
> signature to make all the commits reachable from that one be effectively
> covered by that one. So signing each commit is simply missing the point.
>
> IOW, you don't _ever_ have a reason to sign anything but the "tip". The
> only exception is the "go back and re-sign", but that's the one that
> requires external signatures anyway.
>
> So be happy with 'git tag -s'. It really is the right way.

And if you really, really need for some reason (for example a requirement
checkpoint, or being paranoid enough) to have each and every commit
signed, you can use Monotone instead of Git. That is what we recommended
IPsec (or something) on #git.

-- 
Jakub Narebski
Poland
ShadeHawk on #git
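The DAG argument quoted above, as an added illustration that is not part of this thread: a toy commit id is hashed over the tree id, the parent ids and the message, so a single signature over the tip id is invalidated by any change to reachable history. The object layout is a simplified shape rather than git's exact bytes, and an HMAC stands in for the GPG signature that 'git tag -s' would produce, so the example runs offline.

```python
import hashlib
import hmac

# Toy commit object: the id is a SHA1 over the tree id, the parent ids and
# the message, so every commit id transitively commits to its whole history
# (shape only, not git's exact on-disk bytes).
def commit_id(tree, parents, message):
    body = "tree %s\n" % tree
    for parent in parents:
        body += "parent %s\n" % parent
    body += "\n" + message
    return hashlib.sha1(body.encode()).hexdigest()

def build_chain(trees, messages):
    """Linear history: each new commit has the previous commit as its parent."""
    ids = []
    for tree, message in zip(trees, messages):
        ids.append(commit_id(tree, ids[-1:], message))
    return ids

# Stand-in for the signature 'git tag -s' places over the tagged object id;
# a keyed MAC keeps the example offline instead of needing a GPG key.
def sign_tip(tip_id, key):
    return hmac.new(key, tip_id.encode(), hashlib.sha256).hexdigest()

def verify_tip(tip_id, signature, key):
    return hmac.compare_digest(sign_tip(tip_id, key), signature)

def demo():
    key = b"constructed signing key"
    trees = ["tree-v1", "tree-v2", "tree-v3"]          # constructed ids
    messages = ["add parser", "fix off-by-one", "release 1.0"]
    history = build_chain(trees, messages)
    signature = sign_tip(history[-1], key)             # sign only the tip
    # Rewriting the oldest commit changes its id, hence every descendant's
    # id, hence the tip id the signature covers.
    tampered = build_chain(trees, ["add parser (altered)"] + messages[1:])
    return {
        "tip_ok": verify_tip(history[-1], signature, key),
        "tampered_root_ok": tampered[0] == history[0],
        "tampered_tip_ok": verify_tip(tampered[-1], signature, key),
    }

if __name__ == "__main__":
    print(demo())  # {'tip_ok': True, 'tampered_root_ok': False, 'tampered_tip_ok': False}
```

The converse also follows from the model: a commit that is not reachable from the signed tip contributes nothing to the tip id and is therefore not covered by the tag signature.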