Re: Git-commits mailing list feed.

From: Sean
Date: Sat Apr 23 2005 - 13:54:50 EST


On Sat, April 23, 2005 1:31 pm, Linus Torvalds said:

> If somebody writes a script to generate the above kind of thing (and
tells me how to validate it), I'll do the rest, and start tagging things
properly. Oh, and make sure the above sounds sane (ie if somebody has a
better idea for how to more easily identify how to find the public key to
> check against, please speak up).
>

Hi Linus,

Why not leave tags open to being signed or unsigned? Anyone that wants to
create a trusted tag could simply sign their cleartext entry in the tag
object.

Ideally the SHA1 tree reference would be included in the text entry
whether it was signed or not. Thus any script can pull the SHA1 out of
the text entry. And a script that understands the signing method can
verify it. But scripts that don't understand the signing method can still
use the tag.

For presentation in the log or whatever, the script can look inside the
clear text message, grab the SHA1 and display it in the header area; even
though it's not really in the header, always just in the clear text area.

Sean






-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/