On Tue, Jun 14, 2016 at 10:41:38AM +0200, Alexander Berntsen wrote: > Friends, > > I saw Brian asking Michał to OpenPGP-sign his commits in IRC, to which > Michał quipped that we would have if it were enforced. So perhaps we > should just enforce it. Most of us do it -- but I see Zac not doing it > sometimes, seemingly at random. In any event, I don't think there's a > good reason *not* to sign things. > > What do you think? And what's the procedure/who do we talk to, to get > a pre-push hook set up to enforce it? A pre-push hook would only do it locally for you, it wouldn't enforce it on the server side.
Please file a bug to have infra turn it on for the repos you want (specify them in the bug). Here's the actual hook that's used: https://github.com/gentoo/git-gx86-tools/blob/master/hooks/dev-git/update-02-gpg Note that it only verifies on the master branch, and for merges, only the merge-commit onto master is verified. -- Robin Hugh Johnson Gentoo Linux: Dev, Infra Lead, Foundation Trustee & Treasurer E-Mail : robb...@gentoo.org GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136
