1 |
On Wed, 11 May 2016 02:18:03 +1200 |
2 |
Kent Fredric <kentfredric@×××××.com> wrote: |
3 |
|
4 |
> On 11 May 2016 at 00:04, Alexis Ballier <aballier@g.o> wrote: |
5 |
> > well, then I can commit crap with --author mrp@g.o and claim |
6 |
> > he made me rebase it :) |
7 |
> |
8 |
> |
9 |
> Well, if you're going down that line ... |
10 |
> |
11 |
> You don't rebase it, you just merge it, than then mrp claims obama |
12 |
> forced his hand to write the commit at gunpoint and sign it, and |
13 |
> that's why he is both --author and --committer |
14 |
> |
15 |
> That's obviously silly talk :D |
16 |
|
17 |
|
18 |
yes, and it was meant to be :) |
19 |
|
20 |
|
21 |
my point was more that if we want signed commits, then better have |
22 |
author sign it, and thus use merge |
23 |
|
24 |
if we just want committer signature, then I don't really see the |
25 |
point in signing: it isnt more secure than pecker access + ldap |
26 |
password, and infra could simply sign public git trees with a unique |
27 |
gentoo key |
28 |
|
29 |
[...] |