Re: Teams of people using signed commits...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jun 14, 2013 at 12:02:01PM -0700, Eric Fleischman wrote:
> We think we know how to deal with signed commits & auto-reject such
> commits at build time, as well as clean up. But we're worried that
> folks won't sign on the way in accidentally. We don't know of a good
> way to force the team to always sign commits yet, especially as they
> get new machines and what hav eyou.
> 
> Is there a way to add something to the repo config to force, or at
> least default, this?
> We considered forking git and forcing this on the team, forcing them
> to sign for our repos. But we'd love to avoid this sort of
> heavy-handed approach.
> 
> Thx!
> Eric

Hi,
I might miss something here, but couldn't you just write a pre-commit
hook on the client side to help the developers remember  and a post-receive
hook on the server side to actually enforce this?

With that said, I'm a bit skeptical about enforcing ways to use
software. It usually hide real social problems instead. For example, if
your developers doesn't understand the value in always signing their
commits, can you trust that they protect their gpg-key well enough?
-- 
Med vänliga hälsningar
Fredrik Gustafsson

tel: 0733-608274
e-post: iveqy@xxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]