On Thu, Mar 31, 2016 at 05:01:47PM -0400, Mike Marshall wrote:
>
> but from our kernel.org tree... pull requests for reviewed code
> from kernel.org doesn't need signed tags...
Signed tags are considered best practice, even if your git tree is
hosted on git.kernel.org. One of the reasons for this is because even
after Linus merges your changes, someone can independently verify that
the changes came from you; they don't have to trust Linus or whatever
git server they happened to pull the tree from. For example, try
running the command:
git show --show-signature faeb20ecfa398b043c3224607f512c009c51653d
You'll see something like this:
commit faeb20ecfa398b043c3224607f512c009c51653d
merged tag 'ext4_for_linus'
gpg: Signature made Wed 16 Mar 2016 05:25:58 PM EDT
gpg: using RSA key 0xF2F95956950D81A3
gpg: Good signature from "Theodore Ts'o <tytso@xxxxxxx>" [ultimate]
gpg: aka "Theodore Ts'o <tytso@xxxxxxxxxx>" [ultimate]
gpg: aka "Theodore Ts'o <tytso@xxxxxxxxxx>" [ultimate]
Primary key fingerprint: 3AB0 57B7 E78D 945C 8C55 91FB D36F 769B C118 04F0
Subkey fingerprint: 2B69 B954 DBFE 0879 2881 37C9 F2F9 5956 950D 81A3
Merge: 364e8dd 0304688
Author: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Date: Thu Mar 17 16:31:18 2016 -0700
Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
Pull ext4 updates from Ted Ts'o:
"Performance improvements in SEEK_DATA and xattr scalability
improvements, plus a lot of clean ups and bug fixes"
So while a signed tag might not be _required_, it's definitely
preferred.
Cheers,
- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
