On Fri, Apr 20, 2018 at 11:36:03 +0100, Daniel Berrange wrote:
On Fri, Apr 20, 2018 at 12:22:35PM +0200, Martin Kletzander wrote:
On Thu, Apr 19, 2018 at 05:29:22PM +0100, Daniel P. Berrangé wrote:
On Thu, Apr 19, 2018 at 06:11:20PM +0200, Martin Kletzander wrote:
On Thu, Apr 19, 2018 at 10:06:45AM +0100, Daniel P. Berrangé wrote:
On Thu, Apr 19, 2018 at 10:55:01AM +0200, Peter Krempa wrote:
On Wed, Apr 18, 2018 at 18:35:18 +0100, Daniel Berrange wrote:
[...]
> diff --git a/.gitpublish b/.gitpublish > new file mode 100644 > index 0000000000..857f0d552c > --- /dev/null > +++ b/.gitpublish > @@ -0,0 +1,3 @@ > +[gitpublishprofile "default"] > +base = master > +to = libvir-list@redhat.com
ACK
As a side-question. Does git-publish have the option to send GPG-signed mails? I always wanted that, but not enough to hack it into git-send-email.
[...]
Sure, I never meant the commits should stay signed. It doesn't really make much sense in most scenarios to have individual commits signed. Signed tag is an inherent sign for all parent commits, which is more than enough. What I wanted to have established was a way for the people receiving the commit to be able to see that it really came from me and it was not tampered with. For that case I only care about the medium (through which the commit is sent) to be covered. That's the only part of the chain where I'm missing some effort to enhance integrity and accountability.
Oh so you don't really need git commit signing for that then. Essentially you can just git-format the patches and do normal "email" signing when sending them, so the receipient verifies the email, rather than the commit patch. That sounds like something you could integrate into git-publish.
Actually this is exactly what I'm looking for. I don't really care whether the commits are signed in GIT, but I care whether the emails are sent signed. It should be easy to integrate if git is able to 'am' the signed emailed patches correctly, which I did not try yet.