Re: please use signed git commits (and tags)
On Tue, May 26, 2015, at 13:12, Jonathan Dowland wrote:
> On Mon, May 25, 2015 at 06:43:46PM +0200, Wouter Verhelst wrote:
> > Since signing changes the sha1 of the commit, only if rewriting history isn't a
> > problem.
>
> A solution to this without history rewriting is to tag the commits you
> want to sign.
>
> You could tag any commit at any time, and sign that tag. Impractical if
> you want to retroactively sign a huge swathe of commits, but not bad if you
> want to retroactively sign a handful of releases, say.
Just remember to have a meaningful comment/message for the signed tag,
because it can be duplicated/renamed at will.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique de Moraes Holschuh <hmh@debian.org>
Reply to: