Hello, I was just talking to another developer in my office about version control. He's working with Windows so has chosen Monotone for a version control system. I didn't have any huge objections, as I'm sure monotone can be migrated to git without much trouble (they look to support the same features from my brief reading). Of course my favourite is git, but we were talking about the certificates needed by monotone for each developer. I assume that monotone therefore signs every commit. It obviously crossed my mind as to how one would do that with git? We obviously already have the ability to sign a tag, but is there a way in which one could sign every commit. The more I think about it, the more it could be a reasonable question. In my own repository I can obviously create whatever commits i like, claiming them to be from whomever I like just by altering a few config settings. If I put a few of those in my own repository and then managed to persuade Junio to pull from me - wouldn't I have faked commits from another developer? However, I wouldn't be able to fake a gpg signature. Andy -- Dr Andy Parkins, M Eng (hons), MIEE andyparkins@xxxxxxxxx - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html