This patch modifies the request-pull message to contain both the base hash and the top commit hash that results when the new commits are merged onto that base. The motivation for doing this is to turn cryptographically signing a pull request into an operation that enables detection of commits having been maliciously altered before being downloaded. Before this patch, a pull request contained only a list of commit names and a diffstat; this is not sufficient to detect subsequent alteration of the changed files. After this patch, the person merging may choose to rewind to $baserev, apply the received commits, and check that the resulting hash matches. Signed-off-by: Chris Ball <cjb@xxxxxxxxxx> --- git-request-pull.sh | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/git-request-pull.sh b/git-request-pull.sh index fc080cc..9a686a5 100755 --- a/git-request-pull.sh +++ b/git-request-pull.sh @@ -73,6 +73,9 @@ are available in the git repository at:' $baserev && echo " $url $branch" && echo && +echo "(Applying these commits produces hash $headrev)" && +echo && + git shortlog ^$baserev $headrev && git diff -M --stat --summary $patch $merge_base..$headrev || exit exit $status -- Chris Ball <cjb@xxxxxxxxxx> <http://printf.net/> One Laptop Per Child -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html