On Tue, May 14, 2019 at 03:50:18PM -0400, Chris Laprise wrote: > When I look at review.coreboot.org and the patches have logged commits > (ostensibly, these are at least hashed) and I see "Patrick Georgi" as > reviewer... there is no assurance of fidelity from those records? So what is it you're missing that you require signatures for patches?
FWIW Gerrit (the software driving review.coreboot.org) supported signed pushes, but I don't think many people are aware of that or use the feature. It's also of somewhat limited use as Gerrit cherry-picks into master which loses the signature again. Patrick -- Google Germany GmbH, ABC-Str. 19, 20354 Hamburg Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
signature.asc
Description: PGP signature
_______________________________________________ coreboot mailing list -- [email protected] To unsubscribe send an email to [email protected]
