On Sat, May 9, 2009 at 5:03 AM, Robin H. Johnson <robbat2@xxxxxxxxxx> wrote: >> How about signing the tree SHA-1 and putting the signature in commit >> message? It's like gpg way of saying Signed-off-by. If the committer >> wants to sign again before pushing out, he could amend the commit, >> append his signature there; or make a no-change commit to contain his >> signature (probably from git-commit-tree because iirc git-commit won't >> let you make no-change commit) > Hmm, I like the sound of that, but I'm concerned it might be difficult > to enforce. If rewrite-history ever happens, it's also invalidated. Well if you rewrite and touch the trees, then every signature should be invalidated anyway. If you only touch commit message, it should remain valid because I only sign trees. -- Duy -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html