On Fri, Jun 14, 2013 at 12:02:01PM -0700, Eric Fleischman wrote: > We think we know how to deal with signed commits & auto-reject such > commits at build time, as well as clean up. But we're worried that > folks won't sign on the way in accidentally. We don't know of a good > way to force the team to always sign commits yet, especially as they > get new machines and what hav eyou. > > Is there a way to add something to the repo config to force, or at > least default, this? > We considered forking git and forcing this on the team, forcing them > to sign for our repos. But we'd love to avoid this sort of > heavy-handed approach. > > Thx! > Eric Hi, I might miss something here, but couldn't you just write a pre-commit hook on the client side to help the developers remember and a post-receive hook on the server side to actually enforce this? With that said, I'm a bit skeptical about enforcing ways to use software. It usually hide real social problems instead. For example, if your developers doesn't understand the value in always signing their commits, can you trust that they protect their gpg-key well enough? -- Med vänliga hälsningar Fredrik Gustafsson tel: 0733-608274 e-post: iveqy@xxxxxxxxx -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html