Signed pushes for kernel.org
([Kernel] Nov 3, 2020 23:47 UTC (Tue) (corbet))
- Reference: 0000835985
- News link: https://lwn.net/Articles/835985/
- Source link:
Kernel.org manager Konstantin Ryabitsev [1]describes the Git signed-push functionality , which is now supported by the kernel.org system. " To help hedge against this problem, git provides developers a way to sign their actual pushes, as a means to attest 'yes, I actually did intend to push these commits into this ref in this repository on this server, and here's my PGP signature to prove it.' " Among other things, these signatures can be preserved in a commit transparency log, [2]which is also now provided by kernel.org.
[1] https://people.kernel.org/monsieuricon/signed-git-pushes
[2] https://people.kernel.org/monsieuricon/introducing-the-kernel-org-git-transparency-log
[1] https://people.kernel.org/monsieuricon/signed-git-pushes
[2] https://people.kernel.org/monsieuricon/introducing-the-kernel-org-git-transparency-log