On Sun, Oct 09, 2011 at 04:18:49PM -0700, Junio C Hamano wrote: > "Robin H. Johnson" <robbat2@xxxxxxxxxx> writes: > > Workflow example: > > 1. Dev1 creates a commit, signs it, pushes to central repo. > > 2. Dev2 pulls, signs the tip commit, pushes it back. > > I personally am not sympathetic to such a "sign every and all commits by > multiple people" workflow. If you really want to do such a thing, you can > have the second and subsequent one to create a new commit on top whose > sole purpose is to hold such a signature (commit --allow-empty --gpg-sig), > or use signed tags. For this case, I think having the push certificates works much better. No easy solution to all of this, just lots of yak-shaving :-(. -- Robin Hugh Johnson Gentoo Linux: Developer, Trustee & Infrastructure Lead E-Mail : robbat2@xxxxxxxxxx GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html