Re: please use signed git commits (and tags)

To: debian-devel@lists.debian.org
Subject: Re: please use signed git commits (and tags)
From: Bastian Blank <waldi@debian.org>
Date: Mon, 25 May 2015 10:33:06 +0200
Message-id: <[🔎] 20150525083306.GA8683@mail.waldi.eu.org>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 3844024.BrcdrFXiHE@x121e>
References: <[🔎] 7094846.o8fEMBCxiD@x121e> <[🔎] 3844024.BrcdrFXiHE@x121e>

On Mon, May 25, 2015 at 09:51:41AM +0200, Thomas Koch wrote:
> On Sunday 24 May 2015 13:02:38 Thomas Koch wrote:
> > Git supports signing of commits since version 1.7.9. Everybody should sign
> > git commits always.
> There is however the argument that by signing every commit by default one may 
> accidentally publish a signature on some unverified code and somebody else may 
> trust this code because of this.

Much worse, do you trust all your development machines with your private
key?  I clearly don't, as I neither have sole control over them, nor are
all of them located in jurisdictions I can expect any help against
seizure.

Bastian

-- 
Yes, it is written.  Good shall always destroy evil.
		-- Sirah the Yang, "The Omega Glory", stardate unknown

Reply to:

Follow-Ups:
- Re: please use signed git commits (and tags)
  - From: Tzafrir Cohen <tzafrir@cohens.org.il>
- Re: please use signed git commits (and tags)
  - From: Christiaan de Die le Clercq <contact@techwolf12.nl>
- Re: please use signed git commits (and tags)
  - From: Dimitri John Ledkov <xnox@debian.org>

References:
- please use signed git commits (and tags)
  - From: Thomas Koch <thomas@koch.ro>
- Re: please use signed git commits (and tags)
  - From: Thomas Koch <thomas@koch.ro>

Prev by Date: Re: Proposal, a Build-Depends-Optional field
Next by Date: Re: Proposal, a Build-Depends-Optional field
Previous by thread: Re: please use signed git commits (and tags)
Next by thread: Re: please use signed git commits (and tags)
Index(es):
- Date
- Thread