| 1 |
On Wed, 11 May 2016 02:18:03 +1200 |
| 2 |
Kent Fredric <kentfredric@×××××.com> wrote: |
| 3 |
|
| 4 |
> On 11 May 2016 at 00:04, Alexis Ballier <aballier@g.o> wrote: |
| 5 |
> > well, then I can commit crap with --author mrp@g.o and claim |
| 6 |
> > he made me rebase it :) |
| 7 |
> |
| 8 |
> |
| 9 |
> Well, if you're going down that line ... |
| 10 |
> |
| 11 |
> You don't rebase it, you just merge it, than then mrp claims obama |
| 12 |
> forced his hand to write the commit at gunpoint and sign it, and |
| 13 |
> that's why he is both --author and --committer |
| 14 |
> |
| 15 |
> That's obviously silly talk :D |
| 16 |
|
| 17 |
|
| 18 |
yes, and it was meant to be :) |
| 19 |
|
| 20 |
|
| 21 |
my point was more that if we want signed commits, then better have |
| 22 |
author sign it, and thus use merge |
| 23 |
|
| 24 |
if we just want committer signature, then I don't really see the |
| 25 |
point in signing: it isnt more secure than pecker access + ldap |
| 26 |
password, and infra could simply sign public git trees with a unique |
| 27 |
gentoo key |
| 28 |
|
| 29 |
[...] |
Archives