On Fri, Jan 20, 2017 at 03:05:42PM +0100, Ludovic Courtès wrote:
> For the pre-push hook, the overhead seems reasonable (perhaps we could
> limit the range to commits after the first signed commit to avoid
> looping for no reason?) and an improvement.

I agree that it's reasonable and an improvement for the common case of
pushing to existing branches; only the new commits' signatures are
verified in this case.

It's a good idea to limit the range when pushing new branches. It will
still fail invariably, but it will fail more quickly.

I believe the first signed commit is e3d0fcbf7e55 (gnu: Default to GCC
5.).

Due to merges in the history (I think), using `git rev-list` to
enumerate the commits from e3d0fcbf7e55^..HEAD gives a list of commits
that begins with aae03c484f21832 (gnu: Add singular.), which is an
earlier commit.

That's a little confusing, but maybe it doesn't matter if we are just
trying to save the user some time before it fails. They'll have to
disable the hook to push a branch anyways.

WDYT?

> Eventually we could rewrite in Scheme using guile-git, which should be
> faster (no need to fork that much).

Yes, that would be good!
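
The range selection discussed in this message, sketched as a POSIX sh pre-push hook. This is an added example, not the Guix hook or code from either correspondent; the function names are hypothetical, and FIRST_SIGNED is set to the commit the message believes to be the first signed one.

```sh
#!/bin/sh
# Added example (not the project's hook). Function names are hypothetical.
# Assumption: FIRST_SIGNED is the commit the message believes is the first signed one.
FIRST_SIGNED=e3d0fcbf7e55

# True when the object id is all zeros (git's "no such ref" marker);
# the pattern test works for SHA-1 and SHA-256 repositories alike.
is_zero() { case "$1" in *[!0]*) return 1 ;; *) return 0 ;; esac; }

# Print the rev-list range to verify for one pushed ref,
# or nothing when the ref is being deleted.
push_range() {
    local_sha=$1 remote_sha=$2
    if is_zero "$local_sha"; then
        return 0    # deletion: nothing to verify
    elif is_zero "$remote_sha"; then
        # New branch: there is no remote tip to start from, so bound the
        # walk at the first signed commit instead of the root of history.
        printf '%s\n' "${FIRST_SIGNED}^..$local_sha"
    else
        # Existing branch: only the commits this push adds.
        printf '%s\n' "$remote_sha..$local_sha"
    fi
}

# Verify each commit in the range; stop at the first one without a valid signature.
verify_range() {
    for commit in $(git rev-list "$1"); do
        if ! git verify-commit "$commit" >/dev/null 2>&1; then
            echo "pre-push: no valid signature on $commit" >&2
            return 1
        fi
    done
}

# git feeds "<local ref> <local sha> <remote ref> <remote sha>" lines on stdin.
run_hook() {
    while read -r _lref lsha _rref rsha; do
        range=$(push_range "$lsha" "$rsha")
        [ -z "$range" ] || verify_range "$range" || return 1
    done
}

# Run only when installed as .git/hooks/pre-push, so the file can also be sourced.
case "$0" in *pre-push) run_hook ;; esac
```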