> > The main worry is Linus ($human_who_pulls) gets > cryptographically-verified data at the time he pulls. Once Linus > republishes his tree (git push), there will be few, if any, wanting to > verify Jeff Garzik's signature. > > So no, I don't see that as a _driving_ need in the kernel's case. > > And IMO the kernel will be a mix of signed and unsigned content for a > while, possibly forever. > I think the desire is to be able to deconstruct things if things were to go wrong. -hpa -- H. Peter Anvin, Intel Open Source Technology Center I work for Intel. I don't speak on their behalf. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html