On 9 March 2016 at 20:09, David Woodhouse <dw...@infradead.org> wrote: > Yeah, but the important criterion is *who* the thing comes from (and > again, a signed git tag is just as good as a set of signed emails).
Well, it's also important to me that it's easy to apply stuff and that it comes in a single lump that's large enough that I don't have a lot of overhead in processing it. Sure, you could gpg sign individual patch mails and then check signatures when doing git am, but I don't do that because it would be a complete pain (and I'm not sure git has built-in tooling for doing it the way it does with gpg signed tags and merges). So I definitely would bounce an attempt by a submaintainer to send me stuff as a pile of signed patchmails. > It *isn't* about pull vs. email. That's just the transport mechanism. > There may be a correlation, but it isn't important. Right, but Laszlo didn't ask "why pull requests", he asked "why signed pull requests", to which the answer is "because of the trust implied by the way our workflow uses pullreqs". thanks -- PMM
