[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Commit signing workflow
From: |
Ludovic Courtès |
Subject: |
Re: Commit signing workflow |
Date: |
Mon, 23 May 2016 23:45:46 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
Hello!
Leo Famulari <address@hidden> skribis:
> As requested in the discussion on "Trustable guix pull" [0], I've
> recently started signing the commits I push to Savannah.
>
> At first, I set "gpgsign = true" in my Guix repo's Git config. This
> requires you to sign every commit you make. It's effective, but I found
> it annoying to provide my signing key while doing exploratory hacking,
> rebasing a branch on master, etc.
>
> Instead, I want to sign after my final "self-review" and before pushing
> to Savannah or sending patches to the list for final review.
I use ‘gpg-agent’, which IMO makes things rather convenient, but YMMV.
> So, I've attached a pre-push Git hook that should prevent unsigned
> commits from being pushed to any remote [1].
I like this one, thanks! :-)
> I've also attached a shell function that will sign commits besides
> HEAD (useful for signing a range of commits). I didn't find a more
> Git-idiomatic way to sign an existing commit besides HEAD.
>
> Please let me know if you see any problems with this approach, or if you
> can suggest some improvements.
It seems reasonable to me.
Ludo’.