On 9 May 2016 at 05:03, Alexis Ballier <aball...@gentoo.org> wrote:
> I was under the impression that merging is needed in order to preserve
> commit signatures when e.g. merging someone else's work.

Correct, but if the person applying the commits to tree is in fact
reviewing them as they go, then the fact they re-sign it with their
own signature
( and changing the commits "Committed by" in the process ) pretty much
means the chain of custody is preserved.

That is, the fact the original signature is lost is immaterial,
because we only need it as a signature that /somebody/ actually is
responsible for the commit, and the person performing the rebase takes
the essential responsibility in the process.

The original author metadata is however, not lost in this process,
only commit metadata changes. ( And the signature is commit metadata,
not author metadata )


KENTNL - https://metacpan.org/author/KENTNL

Reply via email to