On Fri, Jun 14, 2013 at 12:02:01PM -0700, Eric Fleischman wrote:
> We think we know how to deal with signed commits & auto-reject such
> commits at build time, as well as clean up. But we're worried that
> folks won't sign on the way in accidentally. We don't know of a good
> way to force the team to always sign commits yet, especially as they
> get new machines and what hav eyou.
> Is there a way to add something to the repo config to force, or at
> least default, this?
> We considered forking git and forcing this on the team, forcing them
> to sign for our repos. But we'd love to avoid this sort of
> heavy-handed approach.
I might miss something here, but couldn't you just write a pre-commit
hook on the client side to help the developers remember and a post-receive
hook on the server side to actually enforce this?
With that said, I'm a bit skeptical about enforcing ways to use
software. It usually hide real social problems instead. For example, if
your developers doesn't understand the value in always signing their
commits, can you trust that they protect their gpg-key well enough?
Med vänliga hälsningar
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html