== What

Git has supported signing of commits since version 1.7.9. Everybody should
always sign git commits.

== Why

- The Haskell team has a git repository with tools that maintainers should
  clone and use. I cloned the repo. How should I trust all these scripts?
- Somebody wants to contribute to the packaging of something. She clones the
  repo and wants to run dpkg-buildpackage on it. There's no trust in
  debian/rules at this point.
- Not Debian related: http://mikegerwitz.com/papers/git-horror-story

== How

- Tell git what key to use:
    git config --global user.signingkey $YOURKEYID
- Sign one commit:
    git commit --gpg-sign
- Always sign all commits:
    git config --global commit.gpgsign true
- Verify commits:
    git log --show-signature
- http://git-scm.com/book/es/v2/Git-Tools-Signing-Your-Work

Thank you,

Thomas Koch

Archive: https://lists.debian.org/7094846.o8fEMBCxiD@x121e
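An added example, not part of the original post: a scripted form of the "Verify commits" step that can gate a build of a freshly cloned repository. It relies on git's `%G?` pretty-format placeholder; the function names and the sample hashes are made up for illustration, and rejecting signatures from keys of unknown validity is a policy choice of this example.

```shell
#!/bin/sh
# Map git's %G? status letter to a verdict. Only "G" is accepted here.
classify_sig() {
    case "$1" in
        G) echo ok ;;                     # good signature, valid key
        U) echo untrusted-key ;;          # good signature, key validity unknown
        N) echo unsigned ;;               # no signature at all
        B) echo bad-signature ;;          # signature does not match the commit
        X|Y|R) echo expired-or-revoked ;; # expired signature/key or revoked key
        *) echo cannot-check ;;           # E: e.g. public key not in keyring
    esac
}

# Read "<hash> <status>" lines on stdin, print each commit that is not "ok",
# and return 0 only if every commit passed.
audit_stream() {
    failed=0
    while read -r hash status; do
        [ -n "$hash" ] || continue
        verdict=$(classify_sig "$status")
        if [ "$verdict" != ok ]; then
            echo "$hash $verdict"
            failed=1
        fi
    done
    return "$failed"
}

# Audit a revision range of the current repository (default: all of HEAD).
# Intended use: audit_repo && dpkg-buildpackage
audit_repo() {
    git log --format='%H %G?' "${1:-HEAD}" | audit_stream
}

# Demonstration on constructed input (these are not real commit hashes).
printf '%s\n' 'aaa1 G' 'bbb2 N' 'ccc3 B' |
    audit_stream || echo "refusing to build: commits above failed the check"
```
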