Ted Ts'o <tytso@xxxxxxx> writes:

> Suppose the project wasn't Linus, but some other project, say, a
> ...
> this, and are good (Kevin Mitnick or better) at social engineering
> attacks.
>
> In this sort of scenario, it's useful if *other* people could
> independently verify the Troll3 git tree via the crypto signatures,
> even though the central maintainer couldn't be bothered to check the
> crypto signatures.

I think we are in total agreement here ;-)

> Here's an idea.... what if the "signed push" information could be
> embedded into the merge commit's description? That is, the
> information could be sent via a signed git tag, or some other mechanism,...

I think you described what the signed-commit series that is cooking in
'next' is about way better than I have done so far ;-)

The contributors sign the tips of their histories (which can
independently be validated), the integrator pulls and can choose to
bother or not to bother the tips s/he obtains, and the integrator signs
his/her tip before s/he pushes the integration result out for general
consumption.

> ...
> The problem with notes and tags is that they have to be pushed
> separately, and might get lost; where as if they are stored in the
> merge commit's description, they will always be there.

Exactly.

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html