| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Jan 2012 12:07:18 +1100 From: Andrew Ardill <andrew.ardill@...il.com> To: Junio C Hamano <gitster@...ox.com> Cc: git@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: Using signed tag in pull requests Looks pretty good Junio, though one of the lines was a bit confusing: On 18 January 2012 09:53, Junio C Hamano <gitster@...ox.com> wrote: > Starting from Git release v1.7.9, a contributor can add a signed tag to > the commit at the tip of the history and ask the integrator to pull that > signed tag. When the integrator runs `git pull`, the signed tag is > automatically verified to assure that the history is not tampered with. > In addition, the resulting merge commit records the content of the signed > tag, so that other people can verify that the branch merged by the > contributor was signed by the contributor, without fetching the signed tag I think you mean to say 'the branch merged by the integrator was signed by the contributor'. If you are talking about two separate contributors, or the same contributor merging one of her own branches, the wording can likely be improved. > used to validate the pull request separately and keeping it in the refs > namespace. Overall it was easy to understand and makes the whole workflow quite clear. Regards, Andrew Ardill -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists