Bruno Haible <[email protected]> writes:

> Arsen Arsenović wrote:
>> The signature is not a signature of the author,
>> it's the signature of the committer.
>
> Oh, that explains why commit signing is useful in the Linux kernel project,
>   - with the lieutenants and the subsystem maintainers, that commit and
>     forward patches from individual contributors,
>   - with the pull requests between the various trees ("staging" etc.).
>
> Whereas here, in a project with a central repository and few, but
> well-behaved committers, it would be a pointless hassle.

FWIW, the hassle is extraordinarily minor.  I set up commit signing on my machines something like six or perhaps eight years ago and have never had to intervene since.

I believe that, if you have GPG keys with a UID matching your committer email (if you don't know what your committer email is, it's the same as user.email, which is your authoring email), it is enough to do 'git config --global commit.gpgSign true' IIRC.

Note that I haven't tried that in a while.  As I mentioned, it's been silently working for many years now for me.

-- 
Arsen Arsenović
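
A pre-flight check for the setup described in the message above, as an added example that is not part of the original thread: it looks for a usable secret key whose UID carries the committer email before turning on `commit.gpgSign`. The function names and the sample listing are constructed for illustration, and the parser assumes the colon-format output of GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example; helper names are hypothetical. Assumes GnuPG 2.1+ colon output.

# Print the primary fingerprint of each usable secret key that has a live
# UID for the email in $1. stdin: `gpg --list-secret-keys --with-colons`.
keys_for_email() {
    awk -F: -v email="$1" '
        BEGIN { em = tolower(email); want = "<" em ">" }
        # New primary key; field 2 is validity (r revoked, e expired, d disabled, i invalid).
        $1 == "sec" { usable = ($2 !~ /^[redi]/); need_fpr = 1; hit = 0; next }
        # The first fpr record after a sec record belongs to the primary key.
        $1 == "fpr" && need_fpr { fpr = $10; need_fpr = 0; next }
        # Field 10 of a uid record is the user ID; skip revoked or expired UIDs.
        $1 == "uid" && usable && !hit && $2 !~ /^[re]/ {
            uid = tolower($10)
            if (index(uid, want) > 0 || uid == em) { print fpr; hit = 1 }
        }'
}

# Constructed sample listing (not real keys) used by the demo line below.
sample_listing() {
    cat <<'EOF'
sec:u:255:22:AAAAAAAAAAAAAAAA:1600000000:::u:::scESC:::+:::ed25519:::0:
fpr:::::::::1111111111111111111111111111111111111111:
uid:u::::1600000000::HASH1::Alice Example <alice@example.org>::::::::::0:
ssb:u:255:18:BBBBBBBBBBBBBBBB:1600000000::::::e:::+:::cv25519::
fpr:::::::::2222222222222222222222222222222222222222:
sec:e:255:22:CCCCCCCCCCCCCCCC:1500000000:1550000000::u:::sc:::+:::ed25519:::0:
fpr:::::::::3333333333333333333333333333333333333333:
uid:e::::1500000000::HASH2::Alice Old <alice@example.org>::::::::::0:
sec:u:255:22:DDDDDDDDDDDDDDDD:1600000000:::u:::scESC:::+:::ed25519:::0:
fpr:::::::::4444444444444444444444444444444444444444:
uid:r::::1600000000::HASH3::Bob <bob@example.org>::::::::::0:
uid:u::::1600000000::HASH4::Bob <bob@example.net>::::::::::0:
EOF
}

# Enable signing only when a matching key exists (not called by the demo).
enable_signing_if_key() {
    email=$(git var GIT_COMMITTER_IDENT | sed 's/.*<\(.*\)>.*/\1/')
    [ -n "$email" ] || { echo "committer identity is not set" >&2; return 2; }
    fprs=$(gpg --batch --list-secret-keys --with-colons 2>/dev/null | keys_for_email "$email")
    [ -n "$fprs" ] || { echo "no usable secret key with a UID for $email" >&2; return 1; }
    git config --global commit.gpgSign true
}

# Demo on the constructed listing: only the live key for this email is printed.
sample_listing | keys_for_email alice@example.org
```
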
