Jeff King p...@peff.net writes:
First off, I agree that verify-tag is probably not the right place.
There _is_ no tag object to verify anymore (the only reason it is a tag
at all is that the signature came out of what once was a tag).
Yes, if we imagine that the header were called mergesig,
Jeff King venit, vidit, dixit 16.06.2014 22:39:
On Mon, Jun 16, 2014 at 01:34:20PM -0700, Junio C Hamano wrote:
Your middle example above did make me think of one other thing, though.
As you noted, we actually have _three_ signature types:
1. signed tags
2. signed commits
3.
Michael J Gruber venit, vidit, dixit 27.06.2014 14:31:
Jeff King venit, vidit, dixit 16.06.2014 22:39:
On Mon, Jun 16, 2014 at 01:34:20PM -0700, Junio C Hamano wrote:
Your middle example above did make me think of one other thing, though.
As you noted, we actually have _three_ signature
Michael J Gruber venit, vidit, dixit 27.06.2014 14:49:
Michael J Gruber venit, vidit, dixit 27.06.2014 14:31:
Jeff King venit, vidit, dixit 16.06.2014 22:39:
On Mon, Jun 16, 2014 at 01:34:20PM -0700, Junio C Hamano wrote:
Your middle example above did make me think of one other thing, though.
Michael J Gruber venit, vidit, dixit 27.06.2014 14:49:
Michael J Gruber venit, vidit, dixit 27.06.2014 14:31:
Jeff King venit, vidit, dixit 16.06.2014 22:39:
On Mon, Jun 16, 2014 at 01:34:20PM -0700, Junio C Hamano wrote:
Your middle example above did make me think of one other thing, though.
Michael J Gruber g...@drmicha.warpmail.net writes:
A merge commit with embedded signed tag it is, then.
The commit could carry it's own commit signature, couldn't it?
Yes, an integrator can choose to sign a merge he creates, merging
the work by a contributor who gave him a pull-request for a
Michael J Gruber g...@drmicha.warpmail.net writes:
... or an extension ref^{mergetag} to our machinery, defaulting to the
tag object containing the mergetag for the 2nd parent, with an optional
version ref^{mergetag}n?
One thing you should not forget is that with mergetag, the original
tag
On Fri, Jun 27, 2014 at 11:36:47AM -0700, Junio C Hamano wrote:
Michael J Gruber g...@drmicha.warpmail.net writes:
A merge commit with embedded signed tag it is, then.
The commit could carry it's own commit signature, couldn't it?
Yes, an integrator can choose to sign a merge he
Junio C Hamano venit, vidit, dixit 13.06.2014 19:06:
Jeff King p...@peff.net writes:
I realize this isn't really your itch to scratch. It's just that when I
see a description like verify a commit, I wonder what exactly verify
means.
I think that is an important point. If a tool only
On Fri, Jun 13, 2014 at 10:06:10AM -0700, Junio C Hamano wrote:
Jeff King p...@peff.net writes:
I realize this isn't really your itch to scratch. It's just that when I
see a description like verify a commit, I wonder what exactly verify
means.
I think that is an important point. If a
Jeff King p...@peff.net writes:
On Fri, Jun 13, 2014 at 10:06:10AM -0700, Junio C Hamano wrote:
...
and more, perhaps?
That is certainly the direction I was thinking of when I suggested git
verify.
However, I do not think it is too bad a thing to add a verify-commit
that matches
On Mon, Jun 16, 2014 at 01:34:20PM -0700, Junio C Hamano wrote:
Your middle example above did make me think of one other thing, though.
As you noted, we actually have _three_ signature types:
1. signed tags
2. signed commits
3. merges with embedded mergetag headers
We
On Fri, Jun 06, 2014 at 04:15:28PM +0200, Michael J Gruber wrote:
Commit signatures can be verified using git show -s --show-signature
or the %G? pretty format and parsing the output, which is well suited
for user inspection, but not for scripting.
Provide a command verify-commit which is
Jeff King venit, vidit, dixit 13.06.2014 10:02:
On Fri, Jun 06, 2014 at 04:15:28PM +0200, Michael J Gruber wrote:
Commit signatures can be verified using git show -s --show-signature
or the %G? pretty format and parsing the output, which is well suited
for user inspection, but not for
On Fri, Jun 13, 2014 at 11:55:22AM +0200, Michael J Gruber wrote:
Did you give any thought to just having a git verify command, instead
of separate tag/verify commands?
Yes. (mathematician's answer)
Cute.
You know not only the outcome but also why I refrained from doing so:
Jeff King p...@peff.net writes:
I realize this isn't really your itch to scratch. It's just that when I
see a description like verify a commit, I wonder what exactly verify
means.
I think that is an important point. If a tool only verifies the
signature of the commit when conceivably other
On 6. Juni 2014 16:15:28 MESZ, Michael J Gruber g...@drmicha.warpmail.net
wrote:
Commit signatures can be verified using git show -s --show-signature
or the %G? pretty format and parsing the output, which is well suited
for user inspection, but not for scripting.
Provide a command
17 matches
Mail list logo