Excerpts from Felipe Contreras's message of Wed Mar 03 06:58:41 -0500 2010: > change. Instead, they ensure security by signing every piece of data > about a commit (commit date, author, commit message). So it's possible > to have multiple commit dates, authors, messages, etc. each signed by > a different person. As a side point... This is also a lot of extra overhead for people to get up and going. The git approach of guaranteeing integrity by signing tags only is much better, both because it accomplishes the same thing and because people can actually use it without having to share keys everywhere. [I can't get (most) people to use keys for ssh, good luck trying to get them to do it for version control...] -Ben
Attachment:
signature.asc
Description: PGP signature