[Cryptech Core] git, again

Rob Austein sra at hactrn.net
Sun Jan 12 23:52:26 UTC 2014


At Mon, 13 Jan 2014 00:42:09 +0100, Leif Johansson wrote:
> On 2014-01-13 00:31, Rob Austein wrote:
> >
> > The basic mechanism seems straightforward enough, although I'm not yet
> > sure about all the details of enforcing such a policy (manual
> > enforcement?  attempt to automate via commit hooks?  how does this
>
> ft has some experience with this. we're using signed tags (pre 1.7) for
> most of our cfg mgmt repos over here and I think (ft?) we use commit
> hooks for enforcing some part of that but I'll let ft speak to that

My understanding, both from what I think Peter requested and from what
I've read since, is that if we're going to bother with this, we want
to sign all commits, not just tags and not just merge commits.

I guess it's up to individual developers whether they choose to squash
into a single signed commit and only push that, as from the outside
this would be indistinguishable from a developer so clever that s/he
never needs to make more than one commit before pushing. :)



More information about the Core mailing list