[Sorry for the top posting. Outlook is evil.]

Detached signatures are created with gpg, not git. What I would like to see in git would be signed commits. I have looked at what it would take to make it work, but I don't have all the details worked out. (Certain merges and cherry-picks would not work very well.)

-----Original Message-----
From: git-owner@xxxxxxxxxxxxxxx [mailto:git-owner@xxxxxxxxxxxxxxx] On Behalf Of Michael Witten
Sent: Tuesday, September 27, 2011 5:08 PM
To: Junio C Hamano
Cc: Joseph Parmelee; git@xxxxxxxxxxxxxxx
Subject: Re: Lack of detached signatures

On Wed, Sep 28, 2011 at 00:03, Junio C Hamano <gitster@xxxxxxxxx> wrote:
> Joseph Parmelee <jparmele@xxxxxxxxxxxx> writes:
>
>> Under the present circumstances, and particularly considering the
>> sensitivity of the git code itself, I would suggest that you implement
>> signed detached digital signatures on all release tarballs.
>
> Well, signed tags are essentially detached signatures. People can verify
> tarballs against them if they wanted to, although it is a bit cumbersome.

Aren't tarballs used to get git on machines that don't yet have git?