On Tue, Jun 5, 2012 at 2:50 AM, Michał Górny <firstname.lastname@example.org> wrote:
> On Mon, 4 Jun 2012 16:57:42 -0400
> Rich Freeman <email@example.com> wrote:
>> If you go back and look at the tree you see a bunch of signed and
>> unsigned commits. How do you easily detect how the unsigned ones got
>> there (via a dev with a merge commit, or via other means)?
> Well, that's not a very good solution but the server-side hooks could
> also verify the tree state before applying new commits.
The obvious problem with this is that it makes the git server a single
point of failure - if it is compromised the hooks will not help.
Hooks should nevertheless be there to eliminate mistakes.
Note that in no way are any of these git flaws any worse than the
status quo. I just want to avoid any false sense of security. I
think these are flaws that are worth fixing, and I think that was why
many have labored to get the signing enabled in git in the first
My suggestion is to keep working on this, but it shouldn't be
considered a blocker for adoption, since these are not new security
flaws, and if anything despite its holes git is an improvement.