On Wed, May 21, 2014 at 7:10 PM, Wladimir <laa...@gmail.com> wrote: > Hello Chris, > > On Wed, May 21, 2014 at 6:39 PM, Chris Beams <ch...@beams.io> wrote: >> I'm personally happy to comply with this for any future commits, but wonder >> if you've considered the arguments against commit signing [1]? Note >> especially the reference therein to Linus' original negative opinion on >> signed commits [2]. > > Yes, I've read it. But would his alternative, signing tags, really > help us more here? How would that work? How would we have to structure > the process?
I think a compromise - that is similar to signing tags but would still work with the github process, and leaves a trail after merge - would be: if you submit a stack of commits, only sign the most recent one. As each commit contains the cryptographic hash of the previous commit, which in turns contains the hash of that before it up to the root commit, signing every commit if you have multiple in a row is redundant. I'll update the document and put it in the repository. Wladimir ------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development