On Sat, Feb 10, 2007 at 09:56:25AM -0800, Linus Torvalds wrote:
> We could verify tags automatically, of course, but the question is, what
> would the policy be?

What I would propose (post-1.5.0!) is that the policy file be local to the repository, and consist of an ordered list of regular expressions and lists of PGP keys associated with each regexp. So for example, I might have in my repository a config file which states that any tag that matches v2.6.[0-9]+ and v2.6.[0-9]+-rc[0-9]+ must be signed by PGP key 0x76E21CBB (Linus's key).

What I would very much like is for the tags to be automatically verified whenever I do a git-fetch operation, and for me to get a big, fat warning if some tag isn't signed by an authorized key.

So this would help make sure that when I'm pulling from kernel.org, I'm getting something that originally came from Linus, and someone hasn't managed to insert a trojan into the git tree, but it doesn't help in between releases. In order to solve that problem we would have to have some kind of scheme where branch heads could be optionally signed, and then transferred over to the public repository. Then, in the git config file, we could list an expected set of keys that should sign any branch head for a particular tracking branch.

Since all of this is local policy, someone who wanted to have a different set of trusted peers could do so. And, of course, someone who wanted to run completely open with no gpg signature checking at all could do so. (aka "rms/rms mode" :-)

Does this make sense?

- Ted
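The local policy Ted sketches (an ordered list of regexes, each with the PGP keys allowed to sign matching tags, checked at fetch time with a loud warning on mismatch) is easy to prototype outside git. The script below is an added example, not code from the mail or from git itself. It assumes a simple one-rule-per-line policy file format of its own invention, takes the signer from gpg's machine-readable `[GNUPG:]` status lines (which `git verify-tag --raw` writes to stderr), and runs against constructed status output so it works offline. The key ID 0x76E21CBB is the one quoted in the mail; the fingerprints, the second key ID and the user ID strings are made up.

```python
"""Tag-signing policy checker: a prototype of the per-repository policy
described in the mail.  Added example; not part of git or of the original
message.  Policy format (invented for this example): one rule per line,
    <regex>  <keyid>[,<keyid>...]
Rules are tried in order; the first regex that fully matches the tag name
decides which keys may sign it.  A tag matching no rule is not checked.
"""
import re
import subprocess
from typing import List, Optional, Tuple

Rule = Tuple["re.Pattern[str]", List[str]]

# Constructed sample policy.  76E21CBB is the key ID quoted in the mail;
# DEADBEEF is a placeholder for a hypothetical stable-tree maintainer.
SAMPLE_POLICY = r"""
# regex                    allowed signing key IDs (first match wins)
v2\.6\.[0-9]+              76E21CBB
v2\.6\.[0-9]+-rc[0-9]+     76E21CBB
v2\.6\.[0-9]+\.[0-9]+      76E21CBB,DEADBEEF
"""


def normalize_key(key: str) -> str:
    """Strip an optional 0x prefix and upper-case so IDs compare cleanly."""
    key = key.strip()
    if key.lower().startswith("0x"):
        key = key[2:]
    return key.upper()


def parse_policy(text: str) -> List[Rule]:
    """Parse policy text into an ordered list of (compiled regex, key IDs)."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        pattern, keys = line.split(None, 1)
        rules.append((re.compile(pattern), [normalize_key(k) for k in keys.split(",")]))
    return rules


def rule_for(tag: str, rules: List[Rule]) -> Optional[List[str]]:
    """Return the allowed keys of the first rule whose regex fully matches."""
    for pattern, keys in rules:
        if pattern.fullmatch(tag):
            return keys
    return None


def signer_from_gpg_status(status: str) -> Optional[str]:
    """Pull the signer fingerprint out of gpg status lines.  Only VALIDSIG
    counts: BADSIG, ERRSIG or NO_PUBKEY lines leave no trustworthy signer."""
    for line in status.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "[GNUPG:]" and parts[1] == "VALIDSIG":
            return parts[2]
    return None


def key_allowed(signer: str, allowed: List[str]) -> bool:
    """gpg reports a full fingerprint; policy may list a short ID, so a
    suffix match on the hex string is enough."""
    signer = normalize_key(signer)
    return any(signer.endswith(k) for k in allowed)


def check_tag(tag: str, gpg_status: str, rules: List[Rule]) -> Tuple[str, str]:
    """Return (verdict, message): 'ok' when signed by an authorised key,
    'warn' when a rule applies but the signature is missing or from the
    wrong key, 'unchecked' when no rule covers the tag name."""
    allowed = rule_for(tag, rules)
    if allowed is None:
        return "unchecked", f"{tag}: no policy rule matches, not verified"
    signer = signer_from_gpg_status(gpg_status)
    if signer is None:
        return "warn", f"WARNING: {tag}: no valid PGP signature"
    if not key_allowed(signer, allowed):
        return "warn", f"WARNING: {tag}: signed by {signer}, policy allows only {allowed}"
    return "ok", f"{tag}: signed by authorised key {signer}"


def verify_tag_with_git(tag: str) -> str:
    """Fetch-time use: `git verify-tag --raw` writes gpg's status lines to
    stderr; feed that to check_tag.  Not exercised by the offline sample run."""
    proc = subprocess.run(["git", "verify-tag", "--raw", tag],
                          capture_output=True, text=True)
    return proc.stderr


# Constructed gpg status output (fingerprints and user IDs are made up).
GOOD_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF0123456789ABCDEF76E21CBB Release Signer <placeholder@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF76E21CBB 2007-02-10 1171123456 0 4 0 17 2 00 0123456789ABCDEF0123456789ABCDEF76E21CBB
"""
STABLE_STATUS = """\
[GNUPG:] VALIDSIG 00000000000000000000000000000000DEADBEEF 2007-02-10 1171123456 0 4 0 17 2 00 00000000000000000000000000000000DEADBEEF
"""
MISSING_KEY_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] ERRSIG 0011223344556677 17 2 00 1171123456 9
[GNUPG:] NO_PUBKEY 0011223344556677
"""


def demo() -> List[str]:
    """Run the sample policy over four constructed cases and return verdicts."""
    rules = parse_policy(SAMPLE_POLICY)
    cases = [("v2.6.20", GOOD_STATUS), ("v2.6.20-rc7", MISSING_KEY_STATUS),
             ("v2.6.20.1", STABLE_STATUS), ("v2.6.20", STABLE_STATUS),
             ("my-local-tag", GOOD_STATUS)]
    verdicts = []
    for tag, status in cases:
        verdict, message = check_tag(tag, status, rules)
        print(message)
        verdicts.append(verdict)
    return verdicts


if __name__ == "__main__":
    demo()
```

The ordering of rules is what gives the policy its teeth: a stable-tree key listed only for `v2.6.N.M` tags cannot be used to pass off a signed `v2.6.N` release, because the first matching rule for that name admits only the mainline key. Wiring this into a fetch is a matter of looping over the newly received tags and feeding each `git verify-tag --raw` result to `check_tag`.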