Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261705AbVDWSvK (ORCPT ); Sat, 23 Apr 2005 14:51:10 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261703AbVDWSvJ (ORCPT ); Sat, 23 Apr 2005 14:51:09 -0400 Received: from simmts7.bellnexxia.net ([206.47.199.165]:41463 "EHLO simmts7-srv.bellnexxia.net") by vger.kernel.org with ESMTP id S261715AbVDWSuX (ORCPT ); Sat, 23 Apr 2005 14:50:23 -0400 Message-ID: <2646.10.10.10.24.1114278656.squirrel@linux1> Date: Sat, 23 Apr 2005 13:50:56 -0400 (EDT) Subject: Re: Git-commits mailing list feed. From: "Sean" To: "Linus Torvalds" Cc: "David Woodhouse" , "Jan Dittmer" , "Greg KH" , "Kernel Mailing List" , "Git Mailing List" User-Agent: SquirrelMail/1.4.4-2 MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7BIT X-Priority: 3 (Normal) Importance: Normal References: <200504210422.j3L4Mo8L021495@hera.kernel.org> <42674724.90005@ppp0.net> <20050422002922.GB6829@kroah.com> <426A4669.7080500@ppp0.net> <1114266083.3419.40.camel@localhost.localdomain> <426A5BFC.1020507@ppp0.net> <1114266907.3419.43.camel@localhost.localdomain> In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1325 Lines: 37 On Sat, April 23, 2005 1:31 pm, Linus Torvalds said: > If somebody writes a script to generate the above kind of thing (and tells me how to validate it), I'll do the rest, and start tagging things properly. Oh, and make sure the above sounds sane (ie if somebody has a better idea for how to more easily identify how to find the public key to > check against, please speak up). > Hi Linus, Why not leave tags open to being signed or unsigned? Anyone that wants to create a trusted tag could simply sign their cleartext entry in the tag object. Ideally the SHA1 tree reference would be included in the text entry whether it was signed or not. Thus any script can pull the SHA1 out of the text entry. And a script that understands the signing method can verify it. But scripts that don't understand the signing method can still use the tag. For presentation in the log or whatever, the script can look inside the clear text message, grab the SHA1 and display it in the header area; even though it's not really in the header, always just in the clear text area. Sean - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/