Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
 help / color / mirror / Atom feed
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: Re: [FFmpeg-devel] [RFC] git and signing commits and tags
Date: Tue, 9 Aug 2022 00:36:53 +0200
Message-ID: <20220808223653.GX2088045@pb2> (raw)
In-Reply-To: <N8yv8sw--3-2@lynne.ee>


[-- Attachment #1.1: Type: text/plain, Size: 1766 bytes --]

On Mon, Aug 08, 2022 at 09:26:52PM +0200, Lynne wrote:
> Aug 8, 2022, 16:50 by michael@niedermayer.cc:
> 
> > Given the recent server issues, i wonder if we should suggest/recommand
> > and document signing commits and tags
> >
> > i tried to push such commit to github and it nicely says "verified"
> > https://github.com/michaelni/FFmpeg/commit/75f196acd16fb0c0ca7a94f0c66072e7c6f736bf
> >
> > Ive generated a new gpg key for this experiment as i dont have my
> > main key on the box used for git development and also using more
> > modern eliptic curve stuff (smaller keys & sigs)
> > i will upload this key to the keyservers in case it becomes the
> > one i use for git.
> >
> 
> I sign all of my commits, 

I didnt notice, but thats good as it also proofs it works with no ill
sideeffects

Where can i find your public key ? it seems its not on the keyservers i checked


> I think it should be recommended but
> not required.

yes, for now, thats certainly the right path. In the future
this should maybe be reevaluated


> 
> One downside is that you can sign commits from others with your
> own key (for instance when pushing a patch from someone along
> with your commits, and signing all at once via rebase), which can be
> misleading, so it takes some work to reorder commits or push them
> in stages so this doesn't happen. It makes sense that it's the
> committer who's signing it, but git or github don't make a distinction
> when it comes to signing.

I dont see much harm if other commits are signed too. 

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I do not agree with what you have to say, but I'll defend to the death your
right to say it. -- Voltaire

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

  reply	other threads:[~2022-08-08 22:37 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-08-08 14:50 Michael Niedermayer
2022-08-08 14:50 ` [FFmpeg-devel] [PATCH 1/2] MAINTAINERS: Add ED25519 key for tag/commit signing experiment Michael Niedermayer
2022-08-08 15:16   ` James Almer
2022-08-08 15:43     ` Michael Niedermayer
2022-08-31 18:57       ` Michael Niedermayer
2022-08-09 19:33   ` Michael Niedermayer
2022-08-08 14:50 ` [FFmpeg-devel] [PATCH 2/2] doc/git-howto.texi: Document commit signing Michael Niedermayer
2022-08-08 15:02 ` [FFmpeg-devel] [RFC] git and signing commits and tags James Almer
2022-08-08 15:58   ` Michael Niedermayer
     [not found] ` <20220808145008.26162-1-michael@niedermayer.cc-N8xvyjN----2>
2022-08-08 19:26   ` Lynne
2022-08-08 22:36     ` Michael Niedermayer [this message]
2022-08-09 10:59       ` Michael Niedermayer
2022-08-09 11:02         ` Michael Niedermayer
2022-08-09 17:50           ` Lynne
2022-08-09 19:32             ` Michael Niedermayer
2022-08-09 11:22     ` Gerion Entrup

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220808223653.GX2088045@pb2 \
    --to=michael@niedermayer.cc \
    --cc=ffmpeg-devel@ffmpeg.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
		ffmpegdev@gitmailbox.com
	public-inbox-index ffmpegdev

Example config snippet for mirrors.


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git