On 10/24/2017 02:18 PM, Barry Warsaw wrote: > On Oct 24, 2017, at 16:52, Abhilash Raj <maxk...@asynchronous.in> wrote: >> >> Gitlab now supports verification of commit signatures and it would be >> awesome if we start signing commits. It is a relatively painless process >> and happens automatically with little configuration. > > Very cool that GL has enabled this! Thanks for sending the recipe too. I > definitely encourage folks (especially core devs) to start signing commits.
I have set my .gitconfig to automatically sign commits (I already had my signingkey in the [user] section, but I didn't have [commit] gpgsign = true which I now do). I remember looking into signing commits when we first switched from bzr to git because I was used to signing all commits. At that time, it seemed controversial. See, e.g., <http://git.661346.n2.nabble.com/GPG-signing-for-git-commit-tp2582986p2583316.html> where linus argues that "Signing each commit is totally stupid." and that you should sign tags but not commits. I don't know enough about the internals of this to have an opinion, and as I said I will be signing my commits going forward, and the post I link to is over 8 years old and things might have changed, but there it is for what it's worth. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9