On Wed, 2011-11-02 at 21:13 -0700, Linus Torvalds wrote:
> No, my main objection to saving the data is that it's ugly and it's
> redundant. Sure, in practice you can check the signatures later fine
> (with the rare exceptions you mention), but even when you can do it,
> what's the big upside?

Another objection (although it may not be insurmountable) is that it's
not necessarily *entirely* clear what's being signed.

In the simple case where I clone your tree, make a few commits with my
Signed-off-by:, sign a tag and then ask you to pull, that's easy enough.
I'm vouching for what I committed, and not for everything that was in
your tree beforehand.

But what if I'm working on top of someone else's published git tree?
Does a signed tag at the top of *my* work imply that I'm vouching for
all of theirs too?

In the case where the signature is ephemeral and only used for you to
trust my pull request, the answer is simple: If that other work wasn't
in your tree yet at the time I send my pull request, I'd damn well
better be vouching for it when I ask you to pull it. Nothing new there.

But if we're keeping signatures around for auditing purposes, we'd
better have a coherent answer to that question. One that isn't "a
signature covers everything since the last commit with torvalds@ as the
committer", if we want it to be useful for the general case.

-- 
dwmw2
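The ambiguity dwmw2 describes can be made concrete by actually computing the two candidate answers over a history with the shape he describes: a contributor's tag on top of a third party's published work, part of which the maintainer has already pulled. The script below is an added example written for this page, not code from the thread or from git itself. It assumes `git` is on `PATH`, builds a throwaway repository with invented identities (maintainer@example.com, third@example.com, me@example.com) and branch names, and uses an unsigned annotated tag in place of `git tag -s` so it runs without GPG; the two counting functions are the only "real" logic and would apply unchanged to a signed tag after `git tag -v`.

```shell
#!/bin/sh
# Constructed example (not from the thread): build a throwaway repo in which a
# contributor's tag sits on top of a third party's work, part of which the
# maintainer has already pulled, and compare two answers to "what does this
# tag vouch for?". All names, e-mails and branch names are invented.
set -eu
export GIT_PAGER=cat

# Create one commit in repo $1 as identity $2/$3 with subject $4.
# Empty commits keep the example short; only the history shape matters.
commit_as() {
    GIT_AUTHOR_NAME="$2" GIT_AUTHOR_EMAIL="$3" \
    GIT_COMMITTER_NAME="$2" GIT_COMMITTER_EMAIL="$3" \
        git -C "$1" commit -q --allow-empty -m "$4"
}

# Build the history and print the repository path:
#   main:        A - B - C               (C already pulled, fast-forward)
#   third-party: A - B - C - D
#   contributor: A - B - C - D - E - F   <- tag for-maintainer
setup_repo() {
    repo=$(mktemp -d)
    git -C "$repo" init -q
    git -C "$repo" symbolic-ref HEAD refs/heads/main
    commit_as "$repo" Maintainer maintainer@example.com "A: initial"
    commit_as "$repo" Maintainer maintainer@example.com "B: maintainer work"
    git -C "$repo" checkout -q -b third-party
    commit_as "$repo" "Third Party" third@example.com "C: their first change"
    commit_as "$repo" "Third Party" third@example.com "D: their second change"
    # The maintainer has already pulled C (but not D) from the third party.
    git -C "$repo" checkout -q main
    git -C "$repo" merge -q --ff-only third-party~1
    # I start from the third party's tree and add my own commits on top.
    git -C "$repo" checkout -q -b contributor third-party
    commit_as "$repo" Me me@example.com "E: my fix"
    commit_as "$repo" Me me@example.com "F: my other fix"
    # A real pull request would use 'git tag -s' and the maintainer 'git tag -v';
    # GPG is left out (assumption) so the example runs anywhere.
    GIT_COMMITTER_NAME=Me GIT_COMMITTER_EMAIL=me@example.com \
        git -C "$repo" tag -a -m "Please pull" for-maintainer
    echo "$repo"
}

# Interpretation 1: the tag vouches for exactly what the maintainer does not
# have yet, i.e. every commit reachable from the tag but not from upstream.
# $1 repo, $2 tag, $3 upstream ref. Prints the commit count.
count_new_vs_upstream() {
    git -C "$1" rev-list --count "$3..$2"
}

# Interpretation 2: the heuristic the mail warns against. Walk back from the
# tag along the first-parent line and stop at the last commit whose committer
# is the maintainer. $1 repo, $2 tag, $3 maintainer e-mail. Prints the count.
count_since_committer() {
    git -C "$1" log --first-parent --format=%ce "$2" |
        awk -v m="$3" '$0 == m { exit } { n++ } END { print n + 0 }'
}

main() {
    repo=$(setup_repo)
    echo "commits the maintainer does not have yet (main..for-maintainer):"
    git -C "$repo" log --format='  %h %ce  %s' main..for-maintainer
    echo "new vs upstream:                $(count_new_vs_upstream "$repo" for-maintainer main)"
    echo "since last maintainer commit:   $(count_since_committer "$repo" for-maintainer maintainer@example.com)"
    rm -rf "$repo"
}

main
```

Run it and the two interpretations disagree: `main..for-maintainer` contains D, E and F, but "everything since the last commit the maintainer committed" also sweeps in C, a commit the maintainer already has and that I never touched. Swap the order of events (the maintainer pulls nothing from the third party, or the third party merges upstream into their tree) and the two sets drift apart in other ways, which is the general-case problem the mail raises: the signed object pins a tree and a history, but which of those commits the signer is vouching for is a policy question the signature alone does not answer.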