On Thu, Oct 20, 2022 at 06:26:49AM +0200, Matěj Cepl wrote: > did anybody even think about %subj%? Is there some effort somewhere making > git-send-email(1) supporting transfer of signed commits, where I could join? > I like hosting sites like sr.ht, which support git-send-email(1), but > unfortunately using that clears my submission off its GPG signatures. I > guess, it would be necessary to make some modifications to git-send-email(1) > and git-am(1). Is there some effort somewhere in that direction? I think there's an inherent problem here. A commit signature is over the entire commit object. But when you send a patch, you don't know the exact bytes of the resulting commit object. In particular, the "committer" line will have the ident and timestamp from when the receiver applies the patch and turns it into a commit. So commit signatures are generally an attestation by the committer, not by the author. It's just that the two are usually the same when you are committing locally. I think you would need some kind of "author-sig" header that signs the commit object bytes _without_ the commit header at all. And that assumes the maintainer's workflow is to never modify a patch in transit, and to apply it at the exact same spot that you wrote it (so that the parent and tree ids remain the same). -Peff
