1 |
On 4 July 2015 at 23:28, Alexandre Rostovtsev <tetromino@g.o> wrote: |
2 |
> |
3 |
> On Sun, 2015-07-05 at 02:16 +0700, C Bergström wrote: |
4 |
> > 2) I don't understand your comment about signatures. |
5 |
> |
6 |
> Gpg commit signatures [1] which are a requirement for any gentoo git |
7 |
> workflow. Rebasing breaks the author's signature afaict, so the user |
8 |
> who is doing rebasing needs to re-sign the commit using his own key. |
9 |
> |
10 |
> [1] https://git-scm.com/book/tr/v2/Git-Tools-Signing-Your-Work#Signing-Commits |
11 |
> |
12 |
|
13 |
Maybe this is the root cause of all issues, and simpler was to remain |
14 |
with signed manifests. |
15 |
Just a thought... Not every git feature out there should be actually |
16 |
be leveraged. |
17 |
Doing so would enable rebase without loosing data, more secure (than |
18 |
SHA-1) signatures, using code review tools such as gerrit without an |
19 |
issue, migration out of git in future and probably more. |