From: Michael J Gruber <git@drmicha•warpmail.net>
To: Git Mailing List <git@vger•kernel.org>
Cc: "Robin H. Johnson" <robbat2@gentoo•org>,
Junio C Hamano <gitster@pobox•com>
Subject: Re: [PATCH] commit: teach --gpg-sign option
Date: Fri, 07 Oct 2011 10:40:30 +0200 [thread overview]
Message-ID: <4E8EBAFE.8020805@drmicha.warpmail.net> (raw)
In-Reply-To: <robbat2-20111006T221637-481195848Z@orbis-terrarum.net>
[readding JCH to cc whom you dropped]
Robin H. Johnson venit, vidit, dixit 07.10.2011 00:24:
> On Wed, Oct 05, 2011 at 05:56:55PM -0700, Junio C Hamano wrote:
>> And this uses the gpg-interface.[ch] to allow signing the commit, i.e.
>>
>> $ git commit --gpg-sign -m foo
>> You need a passphrase to unlock the secret key for
>> user: "Junio C Hamano <gitster@pobox•com>"
>> 4096-bit RSA key, ID 96AFE6CB, created 2011-10-03 (main key ID 713660A7)
>>
>> [master 8457d13] foo
>> 1 files changed, 1 insertions(+), 0 deletions(-)
> I like it, but I have a couple of questions:
> 1. Are the sig lines used in computed SHA1/commitid of a given commit (I
> see examples w/ --amend and that would usually change the SHA1)?
Yes, just like with tag objects.
> 2. Can we allow more than one person sign a commit?
I don't think we support it now (tags) but we could allow concatenating
signatures since they are detached.
There's a somewhat delicate issue here: The signature (tag/commit) is a
signature on the contents of the object, and is itself not part of the
contents (or else we would have a chicken-egg-problem).
The sha1 of the object is determined by the content+header, i.e.
including the signature.
So, by adding a signature, you change the sha1, but any existing
signature remains valid.
This is also how you can try to achieve a specific sha1 for a given
object content...
> 3. If I have prepared a series on a local branch, and I want to sign all
> of them, is this a variant of rebase or?
If you really want to sign all you can rebase-i and use "exec" to do
that automatically, but there's no point: signing the top-most commit
serves the same purpose.
> I think this isn't a replacement for push certificates, but has value in
> itself. It's certainly provides better integration than the
> signature-in-note variants.
>
I do think it's meant as an implementation of push certificates. I don't
see any other value in it which could not be achieved by signed tags.
Can you describe any?
Michael
next prev parent reply other threads:[~2011-10-07 8:40 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-10-06 0:56 [PATCH] commit: teach --gpg-sign option Junio C Hamano
2011-10-06 15:50 ` Shawn Pearce
2011-10-06 17:11 ` Jonathan Nieder
2011-10-06 17:22 ` Matthieu Moy
2011-10-06 18:44 ` Michael J Gruber
2011-10-06 21:29 ` Junio C Hamano
2011-10-06 22:24 ` Robin H. Johnson
2011-10-07 8:40 ` Michael J Gruber [this message]
2011-10-07 11:18 ` Nguyen Thai Ngoc Duy
2011-10-09 16:32 ` Michael J Gruber
2011-10-09 22:57 ` Robin H. Johnson
2011-10-09 23:18 ` Junio C Hamano
2011-10-11 0:38 ` Robin H. Johnson
2011-10-09 20:00 ` Michael J Gruber
2011-10-09 21:22 ` Junio C Hamano
2011-10-10 6:33 ` Michael J Gruber
2011-10-10 16:35 ` Junio C Hamano
2011-10-09 22:27 ` Junio C Hamano
2011-10-10 6:33 ` Michael J Gruber
2011-10-10 16:45 ` Junio C Hamano
2011-10-11 6:39 ` Michael J Gruber
[not found] ` <CACBZZX6xsnAv4S8zAqi08bcqrghZ8nKdzFP=UNCqZOqrEeLFnA@mail.gmail.com>
2011-10-10 4:58 ` Junio C Hamano
2011-10-19 0:20 ` [PATCH v3 0/3] Signed-commit Junio C Hamano
2011-10-19 0:20 ` [PATCH v3 1/3] Split GPG interface into its own helper library Junio C Hamano
2011-10-19 0:20 ` [PATCH v3 2/3] commit: teach --gpg-sign option Junio C Hamano
2011-10-19 0:20 ` [PATCH v3 3/3] log: --show-signature Junio C Hamano
2011-10-20 0:36 ` [PATCH v4 0/5] Signed-commit Junio C Hamano
2011-10-20 0:36 ` [PATCH v4 1/5] Split GPG interface into its own helper library Junio C Hamano
2011-10-20 0:37 ` [PATCH v4 2/5] commit: teach --gpg-sign option Junio C Hamano
2011-10-20 0:37 ` [PATCH v4 3/5] log: --show-signature Junio C Hamano
2011-10-20 0:37 ` [PATCH v4 4/5] t7004: extract generic "GPG testing" bits Junio C Hamano
2011-10-20 0:37 ` [PATCH v4 5/5] test "commit -S" and "log --show-signature" Junio C Hamano
2011-10-22 5:01 ` [PATCH 7/5] pretty: %G[?GS] placeholders Junio C Hamano
2011-10-22 10:47 ` Elia Pinto
2011-10-22 17:55 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E8EBAFE.8020805@drmicha.warpmail.net \
--to=git@drmicha$(echo .)warpmail.net \
--cc=git@vger$(echo .)kernel.org \
--cc=gitster@pobox$(echo .)com \
--cc=robbat2@gentoo$(echo .)org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox