[readding JCH to cc whom you dropped]

Robin H. Johnson venit, vidit, dixit 07.10.2011 00:24:
> On Wed, Oct 05, 2011 at 05:56:55PM -0700, Junio C Hamano wrote:
>> And this uses the gpg-interface.[ch] to allow signing the commit, i.e.
>>
>> $ git commit --gpg-sign -m foo
>> You need a passphrase to unlock the secret key for
>> user: "Junio C Hamano <gitster@xxxxxxxxx>"
>> 4096-bit RSA key, ID 96AFE6CB, created 2011-10-03 (main key ID 713660A7)
>>
>> [master 8457d13] foo
>> 1 files changed, 1 insertions(+), 0 deletions(-)
> I like it, but I have a couple of questions:
> 1. Are the sig lines used in computed SHA1/commitid of a given commit (I
> see examples w/ --amend and that would usually change the SHA1)?

Yes, just like with tag objects.

> 2. Can we allow more than one person to sign a commit?

I don't think we support it now (tags) but we could allow concatenating
signatures since they are detached.

There's a somewhat delicate issue here: The signature (tag/commit) is a
signature on the contents of the object, and is itself not part of the
contents (or else we would have a chicken-egg-problem).

The sha1 of the object is determined by the content+header, i.e.
including the signature.

So, by adding a signature, you change the sha1, but any existing
signature remains valid. This is also how you can try to achieve a
specific sha1 for a given object content...

> 3. If I have prepared a series on a local branch, and I want to sign all
> of them, is this a variant of rebase or?

If you really want to sign all you can rebase -i and use "exec" to do that
automatically, but there's no point: signing the top-most commit serves
the same purpose.

> I think this isn't a replacement for push certificates, but has value in
> itself. It certainly provides better integration than the
> signature-in-note variants.
>

I do think it's meant as an implementation of push certificates. I don't
see any other value in it which could not be achieved by signed tags.
Can you describe any?

Michael
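
The distinction drawn in the reply above, between the bytes a signature covers and the bytes the object id covers, shown as an added example that is not part of the original message or of Git's own code. It assumes the `gpgsig` header with space-folded continuation lines that released Git uses, which may differ from the header in the patch under discussion; the commit and both signature blobs are constructed placeholders.

```python
import hashlib

def git_object_id(obj_type: str, body: bytes) -> str:
    """Object id = SHA-1 over '<type> <len>\\0' plus the full body, signature included."""
    return hashlib.sha1(f"{obj_type} {len(body)}\0".encode() + body).hexdigest()

def add_signature(commit: bytes, armored_sig: str, header: str = "gpgsig") -> bytes:
    """Append the signature as the last header; continuation lines are folded with a space."""
    head, sep, message = commit.partition(b"\n\n")
    folded = "\n ".join(armored_sig.strip("\n").split("\n"))
    return head + f"\n{header} {folded}".encode() + sep + message

def signed_payload(commit: bytes, header: str = "gpgsig") -> bytes:
    """Recover the bytes the signature covers: the commit minus the signature header."""
    head, sep, message = commit.partition(b"\n\n")
    kept, skipping = [], False
    for line in head.split(b"\n"):
        if line.startswith(header.encode() + b" "):
            skipping = True            # first line of the signature header
            continue
        if skipping and line.startswith(b" "):
            continue                   # folded continuation of the signature
        skipping = False
        kept.append(line)
    return b"\n".join(kept) + sep + message

# Constructed sample commit (the tree id is Git's well-known empty tree).
UNSIGNED = (
    b"tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904\n"
    b"author A U Thor <author@example.com> 1317859015 -0700\n"
    b"committer A U Thor <author@example.com> 1317859015 -0700\n"
    b"\n"
    b"foo\n"
)
# Placeholder signature blobs, not real OpenPGP output.
SIG_A = "-----BEGIN PGP SIGNATURE-----\n\nPLACEHOLDER-A\n-----END PGP SIGNATURE-----"
SIG_B = "-----BEGIN PGP SIGNATURE-----\n\nPLACEHOLDER-B\n-----END PGP SIGNATURE-----"

def compare() -> dict:
    """Same signed payload in every case, but a different object id for each signature."""
    variants = {"unsigned": UNSIGNED,
                "sig_a": add_signature(UNSIGNED, SIG_A),
                "sig_b": add_signature(UNSIGNED, SIG_B)}
    return {name: (git_object_id("commit", raw), signed_payload(raw))
            for name, raw in variants.items()}

if __name__ == "__main__":
    for name, (oid, payload) in compare().items():
        print(f"{name:9s} id={oid} payload_unchanged={payload == UNSIGNED}")
```

A verifier should hand `signed_payload()` output, not the raw object, to the signature check, and should treat the object id as covering the signature bytes as well.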