On 2021-03-05 6:44 p.m., brian m. carlson wrote:
On 2021-03-05 at 16:47:14, Soni L. wrote: > We have a somewhat unusual use-case where we need to cross-sign commits. Is > there any way to do this in git? As far as one can tell, attempting to > cross-sign a commit would cause its hash to change, and creating a signed > child commit would break fast-forward merges. So these are a no-go. Can you explain what you mean by "cross-signing"? Are you proposing a situation where two parties sign the same commit?
Yep. See, the repos enforce signing, but they can also be forks. If someone wants to track upstream in one of their branches they just can't. Would be cool if they could just say they trust the commits by signing the relevant commits with their own key instead - on the assumption that they actually reviewed said commits.
