📅 Original date posted:2014-05-21
📝 Original message:On 05/21/2014 10:10 AM, Wladimir wrote:
> On Wed, May 21, 2014 at 6:39 PM, Chris Beams <chris at beams.io> wrote:
>> I'm personally happy to comply with this for any future commits, but wonder
>> if you've considered the arguments against commit signing [1]? Note
>> especially the reference therein to Linus' original negative opinion on
>> signed commits [2].
>
> Yes, I've read it. But would his alternative, signing tags, really
> help us more here?
Honest question: what would signed commits do to help us here anyway?
What's the problem being solved?
Unfortunately git places signatures in the history itself, so it's not
like we could use easily use signatures to indicate acceptance after
code review, like we could if we were using monotone for example. Git
just wasn't designed for a commit-signing workflow.
Mark Friedenbach [ARCHIVE] /
npub1r3…48d0u
2023-06-07 15:21:54
in reply to nevent1q…llt2
Author Public Key
npub1r3san9v5njl6798hvauyu9ntm6r9c7u8s0t65wls58gpfdcvqp5sa48d0uPublished at
2023-06-07 15:21:54Event JSON
{
"id": "8348b713ad5d502a782d3a1b7bf5922b3777e8e403a418f68a77418059c08113",
"pubkey": "1c61d995949cbfaf14f767784e166bde865c7b8783d7aa3bf0a1d014b70c0069",
"created_at": 1686151314,
"kind": 1,
"tags": [
[
"e",
"6ed0060b87c02af20d6af6fded563264095ae2a36fee168b566cb3b0da703edb",
"",
"root"
],
[
"e",
"cbd31d1817ff793c85001dff4a11574de5709440021d1c13182a1e730c3cb1e2",
"",
"reply"
],
[
"p",
"30217b018a47b99ed4c20399b44b02f70ec4f58ed77a2814a563fa28322ef722"
]
],
"content": "📅 Original date posted:2014-05-21\n📝 Original message:On 05/21/2014 10:10 AM, Wladimir wrote:\n\u003e On Wed, May 21, 2014 at 6:39 PM, Chris Beams \u003cchris at beams.io\u003e wrote:\n\u003e\u003e I'm personally happy to comply with this for any future commits, but wonder\n\u003e\u003e if you've considered the arguments against commit signing [1]? Note\n\u003e\u003e especially the reference therein to Linus' original negative opinion on\n\u003e\u003e signed commits [2].\n\u003e \n\u003e Yes, I've read it. But would his alternative, signing tags, really\n\u003e help us more here?\n\nHonest question: what would signed commits do to help us here anyway?\nWhat's the problem being solved?\n\nUnfortunately git places signatures in the history itself, so it's not\nlike we could use easily use signatures to indicate acceptance after\ncode review, like we could if we were using monotone for example. Git\njust wasn't designed for a commit-signing workflow.",
"sig": "179286c54a793737c13aa5b12c4a829744e967e6e79c1a399836dffae98f484d1917a624ca9b3073f68b9cbe80c3762d1c03354bb2acea07f213bf2b1aa34a49"
}