* Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:

> And the receiving side would just do the "git pull" and
> automatically just get notified that "Yes, this push has been
> signed by key Xyz Abcdef"

If this approach is used then it would be nice to have a .gitconfig
switch to require trusted pulls by default: to not allow doing
non-signed or untrusted pulls accidentally, or for Git to warn in a
visible, hard to miss way if there's a non-signed pull.

This adds social uncertainty (and an element of a silent alarm) to a
realistic attack: the attacker wouldn't know exactly how the puller
checks signed pull requests, it's kept private.

Thanks,

Ingo