On 10/19/2016 01:00 AM, Robin H. Johnson wrote:
> One of the downsides both the git-am and cherry-pick workflows are that
> they invalidate or otherwise omit commit signatures.
> git-merge on the other hand does preserve the signature as the original
> commit is intact, and the merge commit is where the signature of the
> gentoo developer is introduced.
> I agree clean history is valuable, but verifiable attribution may in
> fact be more important.
Yes, I don't like this aspect of any workflow that breaks history but I
personally feel that for the sake of both 'cleanliness' and ease of use
that the git am (or cherry-pick) workflow is best.  I could possibly see
the possibility of tampering with the patch could be a problem
(attribution as you say) but in the end a developer still committed it.
Authored-by and Committed-by being different fields I feel the main one
infra needs to worry about is Committed-by.

Matthew Thode (prometheanfire)

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to