[ciphershed] Re: Requiring GPG Signatures on Git Commits

  • From: Stephen R Guglielmo <srguglielmo@xxxxxxxxx>
  • To: ciphershed@xxxxxxxxxxxxx
  • Date: Thu, 12 Jun 2014 16:53:47 -0400

On Thu, Jun 12, 2014 at 4:53 PM, Stephen R Guglielmo
<srguglielmo@xxxxxxxxx> wrote:
> Hey list,
>
> The current policy is to require GPG signatures on all commits to the
> git repo. However, a user on git commented [1] that signing every
> commit is unnecessary and bad practice, and that we should only sign
> tags or releases. He cited two other pages in his comment.
>
> The citations mention automating this. I don't automate anything; I
> manually type in my private key password for every commit. The idea
> behind it is to give consistency, trust, and integrity. To ensure that
> the person committing the change is in fact the person committing the
> change.
>
> Obviously, I'm "pro-signing." Does everyone else feel the same? Or
> should we drop the requirement to sign every commit?
>
> -Steve

Oops, forgot to include the link.
https://github.com/CipherShed/CipherShed/issues/3#issuecomment-45879359
