On Wed, Sep 14, 2011 at 2:45 AM, Junio C Hamano <gitster@xxxxxxxxx> wrote: > 1. Improved pull requests. > > ... > > An alternative that I am considering is to let the requester say this > instead: > > are available in the git repository at: > git://git.kernel.org/pub/flobar.git/ 5738c9c21e53356ab5020912116e7f82fd2d428f > > without adding the extra line. > > That is, to allow fetching the history up to an explicitly named commit > object. This would only involve a change to fetch-pack at the receiving > end; just match the commit object name given from the command line against > the ls-remote response and ask upload-pack to give the history leading to > it. The released versions of Git already will happily oblige, as long as > the commit object named in the request message still sits at the tip of > the intended branch. > > Do you think it is worthwhile to pursue this alternative? Stupid question, if we agree to go with signed push, can we also sign pull requests and verify them when we pull? I suppose most of the time, pulling can be done automatically by extracting pull url from the request. This would make pull/push both signed. BTW, there's a third way (rsync is obsolete) to carry changes away in human-unreadable way: bundles. Should we also sign the bundles too (I guess we could just do the same as in signed push). -- Duy -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html