Michael J Gruber venit, vidit, dixit 07.10.2011 10:40: > [readding JCH to cc whom you dropped] > Robin H. Johnson venit, vidit, dixit 07.10.2011 00:24: >> On Wed, Oct 05, 2011 at 05:56:55PM -0700, Junio C Hamano wrote: >>> And this uses the gpg-interface.[ch] to allow signing the commit, i.e. >>> >>> $ git commit --gpg-sign -m foo >>> You need a passphrase to unlock the secret key for >>> user: "Junio C Hamano <gitster@xxxxxxxxx>" >>> 4096-bit RSA key, ID 96AFE6CB, created 2011-10-03 (main key ID 713660A7) >>> >>> [master 8457d13] foo >>> 1 files changed, 1 insertions(+), 0 deletions(-) >> I like it, but I have a couple of questions: >> 1. Are the sig lines used in computed SHA1/commitid of a given commit (I >> see examples w/ --amend and that would usually change the SHA1)? > > Yes, just like with tag objects. > >> 2. Can we allow more than one person sign a commit? > > I don't think we support it now (tags) but we could allow concatenating > signatures since they are detached. Quick update: Sticking two signatures into a signed tag works perfectly with current git, both signatures are verified and displayed. So, it might make sense to have "commit --amend" append to an existing signature. > There's a somewhat delicate issue here: The signature (tag/commit) is a > signature on the contents of the object, and is itself not part of the > contents (or else we would have a chicken-egg-problem). > > The sha1 of the object is determined by the content+header, i.e. > including the signature. NB: "header" is the wrong term here, it's "data" I think. > So, by adding a signature, you change the sha1, but any existing > signature remains valid. > > This is also how you can try to achieve a specific sha1 for a given > object content... > -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html