Currently, git only stores push certificates if there is a receive hook present. This may violate the principle of least surprise (e.g., I pushed with --signed, and I don't see anything in upstream). Additionally, push certificates could be more versatile if they are not tightly bound to git hooks. Finally, it would be useful to verify the signed pushes at later points of time with ease.

A named ref is added for ease of access/tooling around push certificates. If the last push was signed, ref/PUSH_CERT stores the ref of the latest push cert; otherwise it is empty.

Sending patches as RFC since the documentation would have to be updated and git gc might have to be patched to not garbage collect the latest push certificate.

This patch applies on master (3ec7d702a)

Shikher Verma (2):
  Always write push cert to disk
  Store latest push cert ref in PUSH_CERT

 builtin/receive-pack.c | 25 ++++++++++++++++++++----
 path.c                 |  1 +
 path.h                 |  1 +
 3 files changed, 22 insertions(+), 5 deletions(-)

--
2.14.1