> > Not sure what the point is? That git requires signatures for > authentication (like many decentralized protocols) while svn was based > on client-server-based authentication? >
Indeed This was not related to git at all, is it? It is more about some kind > of social engineering to get changes accepted (which are hard to > counter for projects on the scale of Linux). > Correct. TBH you don't need the size of the Linux kernel to be susceptible to this. Precise traceability of who wrote which exact portions code isn't of any > critical importance in open source projects, authorship is. You have > ... > whole point of the CLA/Apache Foundation, one of its main goals is to > actually to protect individuals. > I guess that's what I aimed to say with "enterprise thinking". If commit signing is deemed irrelevant, the importance of merge commits drops indeed. Which reduces the "discussion" to, should merge commits still be allowed in certain cases or should that always be a rebase no matter the size of the incoming work? (aka. linear history) I guess the one remaining thing that bugs me about the rebase option is that I think you loose the link with the PR, which you would get in the merge (or squash) commit otherwise.
