[Cryptography-dev] Verifying our History by Signing Commits

Donald Stufft donald at stufft.io
Fri Aug 9 03:11:43 CEST 2013 

On Aug 8, 2013, at 8:50 PM, Donald Stufft <donald at stufft.io> wrote:

> So Jean-Paul brought up in #cryptography-dev about the idea of signing our
> git commits.
> 
> Personally I think this is a good idea however if we want to do it it leaves
> a few open questions with how we do it.
> 
> Ideally the person who is adding the commit to the repository is the person
> who signs the commit (think of it similarly to the Signed-Off line). They are
> claiming responsibility for the commit landing in the tree. 
> 
> So the questions are
> 
> 1) Do we want to have a policy of requiring GPG signed commits?
> 
> 2) Do we want to require every commit being signed (which means reviewing
>   every commit of a PR and signing it) or do we just want to require signing
>   of the merge commit?
> 
> 3) How does this interact with our code review process? Obviously if someone
>   not a maintainer makes a patch whichever one of us commits it will be the
>   signer, does the same follow for code written by us?

One solution to this is simply have us sign our own commits, and the person who
performs the merge signs the merge commit. Commits authored by people other
than us we still need to decide between simply signing merge commits or needing
to review each commit and one of us signing it.

> 
> This will likely require additional infrastructure to check every commit that
> lands on master is signed by a trusted key however a single Jenkins server
> should be plenty to ensure that everything is signed.
> 
> Some additional reading: http://mikegerwitz.com/papers/git-horror-story.html
> 
> -----------------
> Donald Stufft
> PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
> 
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org
> http://mail.python.org/mailman/listinfo/cryptography-dev


-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20130808/bbb7bd66/attachment.pgp>

More information about the Cryptography-dev mailing list