On Fri 05 Aug 2016 16:59, Leo Famulari <l...@famulari.name> writes:

> On Fri, Aug 05, 2016 at 09:35:59AM +0200, Andy Wingo wrote:
>> Yeah. I guess I don't see "author misattribution on unsigned
>> commits" as part of the threat model.
>>
>> My mental model is that if you have a signed commit A with unsigned
>> parents B, C, ..., that it's the person who signed commit A who signs
>> off on commits B, C, and so on. That person attests to the integrity of
>> that range of commits, *including* the author field(s).
>
> But, how does anyone know that the person who signed A attests to B and
> C? I don't think Git has a feature that conveys that intention.

Why would you sign a commit if you don't attest to intermediate unsigned commits? A