Re: please use signed git commits (and tags)

To: "debian-devel@lists.debian.org" <debian-devel@lists.debian.org>
Subject: Re: please use signed git commits (and tags)
From: Dimitri John Ledkov <xnox@debian.org>
Date: Sun, 24 May 2015 20:05:46 +0100
Message-id: <[🔎] CANBHLUiMnOsVPXj=xzvzQt7YLnPwP6tTGpRFW7x1edm9-suExA@mail.gmail.com>
In-reply-to: <[🔎] 20150524141221.GA13208@shiftout.net>
References: <[🔎] 7094846.o8fEMBCxiD@x121e> <[🔎] 20150524141221.GA13208@shiftout.net>

On 24 May 2015 at 15:12, Iain R. Learmonth <irl@fsfe.org> wrote:
> Hi,
>
> On Sun, May 24, 2015 at 01:02:38PM +0200, Thomas Koch wrote:
>> Git supports signing of commits since version 1.7.9. Everybody should sign git
>> commits always.
>
> What is the overhead on this?

I keep my main key offline these days, and I have my subkeys on
YubiKey Neo which i use for day to day signing, encryption and
authentication (ssh). Thus my ssh key is always on me.
I also sign all git commits. The most usable thing this game we, when
somebody else did a bad rebase, and then people started to query why I
broke the build, but it was quick for me to establish that those
commits were not signed and there was a rebase done.

Overhead does not impact productivity. I ponder & rebase / rewrite
commit messages, than notice signing delay.

-- 
Regards,

Dimitri.

Reply to:

References:
- please use signed git commits (and tags)
  - From: Thomas Koch <thomas@koch.ro>
- Re: please use signed git commits (and tags)
  - From: "Iain R. Learmonth" <irl@fsfe.org>

Prev by Date: Bug#786709: ITP: goocanvas-2.0 -- canvas widget for GTK+ that uses the cairo 2D library
Next by Date: Re: please use signed git commits (and tags)
Previous by thread: Re: please use signed git commits (and tags)
Next by thread: Re: please use signed git commits (and tags)
Index(es):
- Date
- Thread