On Mon, 9 May 2016 05:07:45 +1200 Kent Fredric <[email protected]> wrote:
> On 9 May 2016 at 05:03, Alexis Ballier <[email protected]> wrote: > > I was under the impression that merging is needed in order to > > preserve commit signatures when e.g. merging someone else's work. > > > Correct, but if the person applying the commits to tree is in fact > reviewing them as they go, then the fact they re-sign it with their > own signature > ( and changing the commits "Committed by" in the process ) pretty much > means the chain of custody is preserved. yeah, i think we have the same chain of custody with ssh push auth + safe servers + ssl pull, we don't need signing for this. > That is, the fact the original signature is lost is immaterial, > because we only need it as a signature that /somebody/ actually is > responsible for the commit, and the person performing the rebase takes > the essential responsibility in the process. well, then I can commit crap with --author [email protected] and claim he made me rebase it :) I understand gpg signing of commits as a way to guarantee author is correctly set and claims the commit. Alexis.
