From mboxrd@z Thu Jan 1 00:00:00 1970 From: Alex Vong Subject: Re: push right for trivial commits Date: Fri, 23 Nov 2018 03:30:08 +0800 Message-ID: <87ftvsoqpr.fsf@gmail.com> References: <875zxej04d.fsf@gmail.com> <87k1lq5tv0.fsf@gnu.org> <87d0rd2tj6.fsf@gmail.com> <87sh07r285.fsf@gnu.org> <87sh05zr5q.fsf@gmail.com> <20181113123153.xvdmwo7e46m5ap5t@abyayala> <878t1wj6a0.fsf@gnu.org> <87ftvu6vp6.fsf@gmail.com> <20181122180830.GA30673@jasmine.lan> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:44013) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gPugF-0004s9-53 for guix-devel@gnu.org; Thu, 22 Nov 2018 14:30:29 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gPugC-0001yf-1P for guix-devel@gnu.org; Thu, 22 Nov 2018 14:30:27 -0500 In-Reply-To: <20181122180830.GA30673@jasmine.lan> (Leo Famulari's message of "Thu, 22 Nov 2018 13:08:30 -0500") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Leo Famulari Cc: guix-devel@gnu.org --=-=-= Content-Type: text/plain Leo Famulari writes: > On Thu, Nov 22, 2018 at 04:07:33AM +0800, Alex Vong wrote: >> I think ECC key works with commit signing precisely because commit >> signing simply requires Savannah to store the key. However, for >> functionalities provided by Savannah (e.g. sending email to your address >> encrypted with your ECC public key), it wouldn't work (as mentioned in >> ). > > To clarify, Savannah doesn't require you to store any key at all in > order to sign Git commits. I think that Savannah accounts don't > integrate with Git at all; they simply offer hosted Git repositories, > and commit signing is a feature of Git. > > We require Guix contributors to upload their keys to their Savannah > account so that there is an authoritative source of signing keys. I see, so it's a guix policy rather than a technical requirement. Indeed, we can download the key from --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW/cDwAAKCRBh71Au9gJS 8tixAP9fUH1hbuzYAHzCFurqLYekkSwWXilEH1sESS6Ff0yi2QD/URSFvG/5OUk2 BJWGZh7Kv+pr7Lic+pYKkSHRHdi9Jgs= =LHgU -----END PGP SIGNATURE----- --=-=-=--