On 2013-02-26 18:28, Linus Torvalds wrote: > On Thu, Feb 21, 2013 at 9:26 PM, Markus F.X.J. Oberhumer > <mar...@oberhumer.com> wrote: >> >> please pull my "lzo-update" branch from >> >> git://github.com/markus-oberhumer/linux.git lzo-update > > I *really* want github (and other general hosting) pull requests to be > for signed tags, so that I can see your gpg key and there is some real > trail of who things got pulled from. > > I prefer he signed tags even from trusted machines, because they allow > for submitters to add comments directly for the merge, but for > untrusted general hosting sites I will simply refuse to pull without > them.
Ok, I have pushed a signed tag "lzo-update-signature-20130226", but I'm not fully sure if that worked - at least $ git verify-tag lzo-update-signature-20130226 gpg: Signature made Tue 26 Feb 2013 08:39:14 PM CET using DSA key ID 0B2043C9 gpg: Good signature from "Markus F.X.J. Oberhumer <mar...@oberhumer.com>" and the tag does show up at https://github.com/markus-oberhumer/linux/commits/lzo-update-signature-20130226 My public key 0B2043C9 is available on many PGP key servers, e.g. http://pgp.mit.edu:11371/pks/lookup?search=markus+oberhumer Cheers, Markus > > Linus > -- Markus Oberhumer, <mar...@oberhumer.com>, http://www.oberhumer.com/ -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
