Heya, On Thu, May 5, 2011 at 17:39, Richard Peterson <richard@xxxxxxxxxxxxxx> wrote: > Now my big question to ponder: what do do when the CA expires a cert? Hmm... You could re-sign the commits with the new cert, notes are mutable, and they keep history too. So you could just create a commit on the notes history ref "re-sign commits for expired cert", optionally removing the old signature. The hook verifying that no-one is tampering with the notes might get complex if you do that kind of stuff though (might be easier to just append the new signature and keep the old one in place). -- Cheers, Sverre Rabbelier -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html