On the other side, I just had another idea. What would be best to me
is to actually provide a _proof_ that at least the author acknowledges
the patch — whether he wrote it or not is another story and I don’t
think we can enforce that completely. The goal I want to achieve is that
if I send a patch via email, if the patch ends up committed by someone
else, I still want to be able to have a proof that “I wrote the patch.”
So assuming the committer is not of bad faith and doesn’t truncate my
git commit message… why not simply adding a “sign-off” like line at the
end of the commit, but instead of just putting a clear text that anyone
could tamper with, we would sign the date at which the commit was made?
For instance, I could have a git message like:
Fix typo.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Tue Jun 4 02:49:26 PM CEST 2024
-----BEGIN PGP SIGNATURE-----
iHUEARYKAB0WIQRsmRqgbXp8KFc3mc6pQ4aopiUuywUCZl8NVgAKCRCpQ4aopiUu
yyhWAQCScfP28Py0QbHuqzzOFyjAMwdK0LfwiGfYrfzfv0evlAD9Hd+x8NgvPq2p
nnnG5tQaHeIS/v8PMP0suy3QiWV8WQc=
=Ru+m
-----END PGP SIGNATURE-----
If a create another commit later with "Fix typo." as content, then the
date will be different and the signature won’t be the same.
What do you think?
Dimitri
Attachment:
signature.asc
Description: PGP signature
