[prev in list] [next in list] [prev in thread] [next in thread] 

List:       git
Subject:    Re: Preventing unsigned commit/merge/tag
From:       "brian m. carlson" <sandals () crustytoothpaste ! net>
Date:       2013-12-31 19:27:37
Message-ID: 20131231192736.GI451338 () vauxhall ! crustytoothpaste ! net
[Download RAW message or body]

On Tue, Dec 31, 2013 at 12:49:01PM -0500, shawn wilson wrote:
> What's the best way of doing this? I'd prefer this be a pre hook on
> the server that rejects and the user has to rebase and fix their
> stuff. Though, if there's some way to make it easier for users not to
> mess up (other than an alias for everything which I'll probably do
> anyway) that would be useful. Any ideas?

I don't believe the sign-on-rebase stuff ever got picked up, so at the
moment this wouldn't be a good idea, since each and every commit would
have to be manually amended.  It seems it never made it from the list
into Junio's queue whatsoever.  And the always-sign code is only in pu
at the moment.

But if you wanted to anyway, you could simply use a pre-receive hook and
walk the tree, verifying the signatures of each commit against some
canonical list of approved keys.

--=20
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

["signature.asc" (application/pgp-signature)]
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[prev in list] [next in list] [prev in thread] [next in thread]