Re: rebase has no --verify-signatures
On Tue, Dec 08, 2015 at 01:21:25AM +, brian m. carlson wrote: > On Mon, Dec 07, 2015 at 03:00:15PM +0100, Alexander 'z33ky' Hirsch wrote: > > Is there any technical reason why rebase should not have a > > --verify-signatures flag? I have written a patch to git-rebase--am > > which enables it to do such a check. If there is no reason not to > > include it I'd add documentation and a test and submit it. > > As far as I know, there is no technical reason that it shouldn't. It's > probably that nobody has implemented it yet. I'd certainly be > interested in such a patch. > > For a thorough change, you'd probably want to make it work with > git-rebase--merge and git-rebase--interactive as well. I'm sure I'm not > the only person who frequently uses rebase -m. Ah, rebase -m. That sounds nice, I didn't know about this feature. In fact, I first tried to write the code in git-rebase--merge, thinking this is the default rebase script. git-rebase--interactive sounds a bit more difficult since you could easily modify commits, thereby removing previously GPG signed commits. Although this sounds like all the more reason why it would be useful to check for it. I'll look at the script and ponder about it. I'll post whatever I come up with on Thursday (probably) or Friday. I'll put you in the CC when I post the patch. Regards, Alexander Hirsch -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
rebase has no --verify-signatures
Hi, The git merge command has a --verify-signatures flag, which, when set, checks that the commits to be merged have trusted GPG signatures. git pull also knows this flag and forwards it to the merge command. However, doing a git pull --rebase --verify-signatures silently ignores it, since rebase has no --verify-signatures flag. Is there any technical reason why rebase should not have a --verify-signatures flag? I have written a patch to git-rebase--am which enables it to do such a check. If there is no reason not to include it I'd add documentation and a test and submit it. Otherwise I think git pull should warn, or even die with an error, if both --rebase and --verify-signatures are passed. Regards, Alexander Hirsch -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: rebase has no --verify-signatures
On Mon, Dec 07, 2015 at 03:00:15PM +0100, Alexander 'z33ky' Hirsch wrote: > Is there any technical reason why rebase should not have a > --verify-signatures flag? I have written a patch to git-rebase--am > which enables it to do such a check. If there is no reason not to > include it I'd add documentation and a test and submit it. As far as I know, there is no technical reason that it shouldn't. It's probably that nobody has implemented it yet. I'd certainly be interested in such a patch. For a thorough change, you'd probably want to make it work with git-rebase--merge and git-rebase--interactive as well. I'm sure I'm not the only person who frequently uses rebase -m. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187 signature.asc Description: PGP signature