Re: Linux 3.1-rc5
From: Michael J Gruber
Date: Tue Sep 06 2011 - 03:23:52 EST
Mauro Carvalho Chehab venit, vidit, dixit 05.09.2011 22:26:
> Em 04-09-2011 20:27, Linus Torvalds escreveu:
>
>> One thing to note: If you just do
>>
>> git pull https://github.com/torvalds/linux.git
>>
>> you probably won't get the tags, since it's not your origin branch. So do
>>
>> git fetch --tags<...>
>>
>> too, so that you get not only the actual changes, but the tag that you
>> can verify too.
>>
>
> It would be great if "git remote update" could also verify the tag
> signature (if present), as most of us just do a "git remote update".
...when you should "git fetch --all" ;)
> Maybe an extra parameter for git config remote.tagopt?
>
> Ok, if in doubt, we can always use git tag -v <new tag>, but doing
> it automagically would help us to detect if a git tag got mangled
> by some at the moment we update our trees, with seems to be
> a good idea.
The update hook (if you want to reject falsified tags) or post-update
hook (if you want to be warned) is the perfect place for this. It would
be worth amending the standard update hook, me thinks, after removing
its insisting on a project description, and maybe switching the defaults.
Michael
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/