On Tue, Apr 26, 2016 at 12:25:11AM +0200, Ludovic Courtès wrote: > Hello! > > Christopher Allan Webber skribis: > > > On top of that, even if you run from git proper what there isn't a test > > about is: can you trust those latest commits? Git doesn't really check, > > at least by default. > > > > https://mikegerwitz.com/papers/git-horror-story > > > > How about this: anyone with commit access should use "signed off by" and > > gpg signatures combined. We should keep some list of guix committers' > > gpg keys. No commit should be pushed to guix without a gpg signature. > > At this point, at least, there is some possibility of auditing things. > > To make progress on this front, I’ve decided to start signing all my > commits, so: > > --8<---------------cut here---------------start------------->8--- > $ git config commit.gpgsign > true > $ git config --global user.signingkey > 090B11993D9AEBB5 > --8<---------------cut here---------------end--------------->8--- > > I invite everyone to do the same. Hopefully, within a few weeks, we can > add a commit hook to reject unsigned commits. Okay. > Note that we’ll be signing patches we push on behalf of contributors who > do not have commit access (reviewer’s responsibility). > > Also, rebasing, amending, and cherry-picking code signed by someone else > would lose the original signature, which isn’t great and should be > avoided, if possible. I think it's common to make minor edits when committing on behalf of others. For example, the committer might clean up a commit message or standardize indentation. How should we handle this?