1 |
On Tue, Jun 14, 2016 at 10:41:38AM +0200, Alexander Berntsen wrote: |
2 |
> Friends, |
3 |
> |
4 |
> I saw Brian asking Michał to OpenPGP-sign his commits in IRC, to which |
5 |
> Michał quipped that we would have if it were enforced. So perhaps we |
6 |
> should just enforce it. Most of us do it -- but I see Zac not doing it |
7 |
> sometimes, seemingly at random. In any event, I don't think there's a |
8 |
> good reason *not* to sign things. |
9 |
> |
10 |
> What do you think? And what's the procedure/who do we talk to, to get |
11 |
> a pre-push hook set up to enforce it? |
12 |
A pre-push hook would only do it locally for you, it wouldn't enforce it |
13 |
on the server side. |
14 |
|
15 |
Please file a bug to have infra turn it on for the repos you want |
16 |
(specify them in the bug). |
17 |
|
18 |
Here's the actual hook that's used: |
19 |
https://github.com/gentoo/git-gx86-tools/blob/master/hooks/dev-git/update-02-gpg |
20 |
Note that it only verifies on the master branch, and for merges, only |
21 |
the merge-commit onto master is verified. |
22 |
|
23 |
-- |
24 |
Robin Hugh Johnson |
25 |
Gentoo Linux: Dev, Infra Lead, Foundation Trustee & Treasurer |
26 |
E-Mail : robbat2@g.o |
27 |
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 |
28 |
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136 |