On Sat, Apr 26, 2014 at 11:29:39AM +0100, Ben Laurie wrote:
> I just noticed that if I merge a pull request, then both author and
> committer are set to whoever made the pull request.

Are you using github, or git using its standard pull request workflow?

In the standard git workflow, the author and committer are set to the
person who merged the pull.  The person who requested the pull request
is recorded in the signed git tag.  For example, I recently signed a
git tag:

% git tag -s ext4_for_linus_stable

        <Insert smart card, type the pin to create the GPG signed tag>

% git push ssh://gitol...@ra.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git tags/ext4_for_linus_stable

        <Type pin to unlock the ssh key, which is also on the smart card>  

% git request-pull origin git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git tags/ext4_for_linus_stable > /tmp/pull

(I have aliases and shell scripts for most of this, but I've expanded
all of this out for clarity.)

Then I e-mailed the following to Linus, and then after he merged the
pull request, when I pulled down his tree, you can see the following:

% git show --pretty=fuller --show-signature  origin
commit 9ac03675010a69507c0a9d832d6a722e07d35cc6
merged tag 'ext4_for_linus_stable'
gpg: Signature made Sun 20 Apr 2014 10:23:16 PM EDT using RSA key ID C11804F0
gpg: Good signature from "Theodore Ts'o <ty...@mit.edu>"
gpg:                 aka "Theodore Ts'o <ty...@debian.org>"
gpg:                 aka "Theodore Ts'o <ty...@google.com>"
Merge: a798c10 0a04b24
Author:     Linus Torvalds <torva...@linux-foundation.org>
AuthorDate: Sun Apr 20 20:43:47 2014 -0700
Commit:     Linus Torvalds <torva...@linux-foundation.org>
CommitDate: Sun Apr 20 20:43:47 2014 -0700

    Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext
    
    Pull ext4 fixes from Ted Ts'o:
     "These are regression and bug fixes for ext4.
    
      We had a number of new features in ext4 during this merge window
      (ZERO_RANGE and COLLAPSE_RANGE fallocate modes, renameat, etc.) so
      there were many more regression and bug fixes this time around.  It
      didn't help that xfstests hadn't been fully updated to fully stress
      test COLLAPSE_RANGE until after -rc1"
    
    * tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: (
    ....

The advantage of doing this way is that git will detach the signature
from the tag, and save it in the merge conflict, so years later, the
cryptographic accountability chain is preserved in the git tree.

Cheers,

                                        - Ted
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
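What "saving the signature in the merge commit" looks like on disk, as an added example (this is not code from the message above or from git itself): when `git merge` consumes a signed tag, it copies the whole tag object, signature included, into a `mergetag` header of the merge commit, with every continuation line prefixed by one space. The parser below reads a raw commit object in the layout `git cat-file commit <sha>` prints, unfolds the `mergetag` header, splits the embedded tag back into the payload gpg signed and the ASCII-armored signature, and checks that the tag points at one of the merge's parents. The commit object, names and hashes are constructed for illustration, and the signature block is a placeholder, not a real PGP signature.

```python
"""Extract the signed tag that `git merge <signed-tag>` embeds in a merge commit.

Added example, not code from the original e-mail or from git. The commit
object below is constructed; hashes, people and the signature are placeholders.
"""

SIG_BEGIN = "-----BEGIN PGP SIGNATURE-----"
SIG_END = "-----END PGP SIGNATURE-----"

# Constructed signed tag object (what `git cat-file tag <name>` would print).
# The armored block is a placeholder, not a real signature.
TAG_OBJECT = (
    "object " + "3" * 40 + "\n"
    "type commit\n"
    "tag ext4_for_linus_stable\n"
    "tagger Example Submitter <submitter@example.org> 1398046996 -0400\n"
    "\n"
    "ext4 fixes for -rc2\n"
    + SIG_BEGIN + "\n"
    "Version: GnuPG v1\n"
    "\n"
    "placeholder-signature-line-1\n"
    "placeholder-signature-line-2\n"
    + SIG_END + "\n"
)


def embed_mergetag(tag_object):
    """Encode a tag object as git stores it in a commit header: 'mergetag ' plus
    the first line, then each further line (blank ones included) prefixed by ' '."""
    lines = tag_object.rstrip("\n").split("\n")
    return "mergetag " + lines[0] + "\n" + "".join(" " + l + "\n" for l in lines[1:])


# Constructed merge commit in `git cat-file commit <sha>` layout.
SAMPLE_COMMIT = (
    "tree " + "1" * 40 + "\n"
    "parent " + "2" * 40 + "\n"
    "parent " + "3" * 40 + "\n"
    "author Example Maintainer <maintainer@example.org> 1398048227 -0700\n"
    "committer Example Maintainer <maintainer@example.org> 1398048227 -0700\n"
    + embed_mergetag(TAG_OBJECT)
    + "\n"
    "Merge tag 'ext4_for_linus_stable' of git://example.org/ext4\n"
    "\n"
    "Pull ext4 fixes from the submitter.\n"
)


def parse_commit(raw):
    """Split a raw commit object into ([(key, value), ...], message).
    Continuation lines (leading space) are folded back into the previous header,
    so a mergetag value is the embedded tag object minus its trailing newline."""
    head, _, message = raw.partition("\n\n")
    headers = []
    for line in head.split("\n"):
        if line.startswith(" ") and headers:
            key, value = headers[-1]
            headers[-1] = (key, value + "\n" + line[1:])
        else:
            key, _, value = line.partition(" ")
            headers.append((key, value))
    return headers, message


def split_signed_tag(tag_object):
    """Return (payload, signature): the bytes gpg signed and the detached armored
    signature, which is exactly what `git verify-tag` hands to gpg. Unsigned tags
    give (tag_object, None)."""
    idx = tag_object.find(SIG_BEGIN)
    if idx < 0:
        return tag_object, None
    return tag_object[:idx], tag_object[idx:]


def mergetags(raw_commit):
    """List the signed tags embedded in a merge commit, with parsed tag fields,
    the signed payload and the signature block."""
    headers, _ = parse_commit(raw_commit)
    result = []
    for key, value in headers:
        if key != "mergetag":
            continue
        payload, signature = split_signed_tag(value + "\n")
        tag_headers = payload.split("\n\n", 1)[0]
        fields = dict(l.split(" ", 1) for l in tag_headers.split("\n"))
        result.append({
            "tag": fields.get("tag"),
            "object": fields.get("object"),
            "tagger": fields.get("tagger"),
            "payload": payload,
            "signature": signature,
        })
    return result


def mergetags_point_at_parents(raw_commit):
    """Consistency check: every embedded tag must name one of the merge's parents,
    otherwise the signature vouches for something other than what was merged."""
    headers, _ = parse_commit(raw_commit)
    parents = {v for k, v in headers if k == "parent"}
    tags = mergetags(raw_commit)
    return bool(tags) and all(t["object"] in parents for t in tags)
```

In a real checkout the same structure is visible with `git cat-file -p <merge-sha>` (the `mergetag` header is printed verbatim), and `git show --show-signature`, as used in the message above, is what runs gpg over the recovered payload and signature.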