On Sun, Jul 05, 2015 at 09:05:12PM -0400, Rich Freeman wrote:
> All the gpg stuff really exposes the weakness of git being based on
> sha1 though. I wouldn't think that it would be that hard to change
> git's hash function, with the caveat that the resulting repositories
> might not be backwards-c
On 6 July 2015 at 08:01, William Hubbs wrote:
> Once we have a version of git stable that allows this, can someone fill
> me in on why we would need to sign commits if we sign pushes? If we have
> a signature on the push, we know where that came from, so it seems to be
> overkill to sign the commi
On Sun, Jul 5, 2015 at 4:01 PM, William Hubbs wrote:
>
> I've been hearing lately that the newest versions of git allow you to
> sign pushes.
>
> Once we have a version of git stable that allows this, can someone fill
> me in on why we would need to sign commits if we sign pushes? If we have
> a s
On 07/05/2015 04:01 PM, William Hubbs wrote:
> All,
>
> I've been hearing lately that the newest versions of git allow you to
> sign pushes.
>
> Once we have a version of git stable that allows this, can someone fill
> me in on why we would need to sign commits if we sign pushes? If we have
> a s
