Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Git 1.7.9 added the ability to sign commits. Previously you could only sign tags:

  * "git commit" learned "-S" to GPG-sign the commit; this can be shown
   with the "--show-signature" option to "git log".
man git:

  All objects are named by the SHA1 hash of their contents, normally 
  written as a string of 40 hex digits. Such names are globally unique. 
  The entire history leading up to a commit can be vouched for by signing
  just that commit."


What would be really nifty would be the ability to add multiple signatures to commits.

Take a commit with signature[s], add a new signature (create a new commit that contains the previous signature[s] (which should still be valid if you don't change anything else) + your own).

I looked into this very briefly and think it should be possible, but didn't go any further than that.

This would I think be neat for creating things like code review systems that require a certain number of signatures from a larger set of potential signers before automatic deployment.


There's signed commits, yes. Is there also "apply these but only if they have a valid signature from one of these people"? That's what I didn't see.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: