[Mailman-Developers] Signing commits with gpg
Stephen J. Turnbull
turnbull.stephen.fw at u.tsukuba.ac.jp
Thu Oct 26 01:25:07 EDT 2017
Mark Sapiro writes:
> where linus argues that "Signing each commit is totally stupid." and
> that you should sign tags but not commits.
I agree with Linus that signing all commits is probably unnecessary
because of the SHA1 chain, but I disagree with signing only tags. I
think that the theoretical sweet spot is signing merge commits (or
branch head in case of a fast-forward) at push time.
But pragmatically that's too annoying (requires user decision AFAIK,
easy to omit, etc), so autosigning every commit FTW IMHO.
Steve
More information about the Mailman-Developers
mailing list