Mark Sapiro writes: > where linus argues that "Signing each commit is totally stupid." and > that you should sign tags but not commits.
I agree with Linus that signing all commits is probably unnecessary because of the SHA1 chain, but I disagree with signing only tags. I think that the theoretical sweet spot is signing merge commits (or branch head in case of a fast-forward) at push time. But pragmatically that's too annoying (requires user decision AFAIK, easy to omit, etc), so autosigning every commit FTW IMHO. Steve _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9