On Fri, May 2, 2008 at 7:03 AM, Junio C Hamano <gitster@xxxxxxxxx> wrote: > I suspect that, with the "push to incoming, vet there and move to > verified" workflow, you do not need a special GPG-signed list. You can > instead have the pusher sign the tip using the usual signed-tag mechanism, > which would sign the whole history leading to it, and have him push that > tag to the incoming together with the tip update. You obviously do not > need nor want to move that signed tag to the final area. Yes. Though it makes a post-facto audit of who-pushed-which-commits trickier - you'll have to correlate the reflogs in the server with the signed tags. Having an explicit signature on a list of commits is a bit more direct, easier to audit... IMHO anyway ;-) cheers, m -- martin.langhoff@xxxxxxxxx martin@xxxxxxxxxx -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
