git@vger.kernel.org mailing list mirror (one of many)
From: Nicolas Vigier <boklm@mars-attacks.org>
To: Junio C Hamano <gitster@pobox.com>
Cc: git@vger.kernel.org
Subject: Re: [PATCH] Add the commit.gpgsign option to sign all commits
Date: Tue, 5 Nov 2013 12:28:40 +0100
Message-ID: <20131105112840.GZ4589@mars-attacks.org>
In-Reply-To: <xmqqppqfag2e.fsf@gitster.dls.corp.google.com>

On Mon, 04 Nov 2013, Junio C Hamano wrote:

> Nicolas Vigier <boklm@mars-attacks.org> writes:
> 
> > If you want to GPG sign all your commits, you have to add the -S option
> > all the time. The commit.gpgsign config option allows you to sign all
> > commits automatically.
> 
> I'm somewhat horrified to imagine the end-user experience this
> "feature" adds to the system; if one sets this configuration and
> then runs "git rebase" or anything that internally creates or
> recreates commits, does one have to sign each and every commit, even
> if such a rebase was done merely as a trial run to see if a topic
> can be rebased to an older codebase, or something?

If the problem is users having to type their passphrase to sign each
commit, we can suggest using an agent in the option description:

  commit.gpgsign::
	A boolean to specify whether all commits should be GPG signed.
	Use of this option when doing operations such as rebase can
	result in a large number of commits being signed. It is therefore
	convenient to use an agent to avoid typing your gpg passphrase
	several times.


An example of why someone might want to use this option is:

You use git to store deployment scripts for some servers. Those
servers have a cron job that pulls from the git repository and runs the
scripts as root. Anyone with root access on the server hosting the git
repository can then gain root access to all your servers quite easily.
You want to avoid this, so you decide that all commits should be gpg
signed, and your servers will now do "git pull --verify-signatures".
People who work on this repository will want to set "commit.gpgsign"
so they don't have to add the -S option all the time.
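
The cron-job scenario from the message above, as an added example (not part of the original email or of git itself): the server fetches, checks the tip commit's signature with "git verify-commit --raw", and fast-forwards only when the signing key's fingerprint is on a pinned list, which is stricter than accepting any valid key in the keyring. ALLOWED_FPRS, signer_allowed and verified_deploy are hypothetical names, the fingerprints and paths are constructed placeholders, and the remote is assumed to be called origin.

```shell
#!/bin/sh
# Added example; ALLOWED_FPRS, signer_allowed and verified_deploy are
# hypothetical names. Fingerprints below are constructed placeholders.
ALLOWED_FPRS="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"

# Reads GnuPG status lines on stdin (what "git verify-commit --raw" writes
# to stderr). Succeeds only if there is a GOODSIG, no bad/expired/revoked
# status, and the VALIDSIG fingerprint (the key that made the signature,
# so a subkey's fingerprint if a subkey signs) is in ALLOWED_FPRS.
signer_allowed() {
    fpr=$(awk '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG"  { good = 1 }
        $2 == "VALIDSIG" { fpr = $3 }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        END { if (good && !bad && fpr != "") print fpr }
    ')
    [ -n "$fpr" ] || return 1
    printf '%s\n' "$ALLOWED_FPRS" | grep -qxF -- "$fpr"
}

# Fetch, verify the exact commit that was fetched, then fast-forward to it.
# Only the tip commit is checked. Returns non-zero, leaving the work tree
# untouched, on any failure.
verified_deploy() {
    repo=$1
    branch=$2
    git -C "$repo" fetch --quiet origin "$branch" || return 1
    tip=$(git -C "$repo" rev-parse --verify --quiet 'FETCH_HEAD^{commit}') || return 1
    # stderr (status lines) goes into the pipe; human-readable stdout is dropped
    git -C "$repo" verify-commit --raw "$tip" 2>&1 >/dev/null | signer_allowed || return 1
    git -C "$repo" merge --quiet --ff-only "$tip"
}

# In the cron job (paths are placeholders):
#   verified_deploy /srv/deploy master && /srv/deploy/run.sh
```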

Thread overview: 7+ messages
2013-11-04 23:14 [PATCH] Add the commit.gpgsign option to sign all commits Nicolas Vigier
2013-11-04 23:43 ` Junio C Hamano
2013-11-05  0:03   ` Nicolas Vigier
2013-11-05  0:03   ` brian m. carlson
2013-11-05 11:28   ` Nicolas Vigier [this message]
2013-11-05 19:10     ` Junio C Hamano
2013-11-06 19:27       ` Nicolas Vigier
