[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] why restrict pull reqs to signed tags?

From: Peter Maydell
Subject: Re: [Qemu-devel] why restrict pull reqs to signed tags?
Date: Wed, 9 Mar 2016 20:27:50 +0700

On 9 March 2016 at 20:09, David Woodhouse <address@hidden> wrote:
> Yeah, but the important criterion is *who* the thing comes from (and
> again, a signed git tag is just as good as a set of signed emails).

Well, it's also important to me that it's easy to apply stuff
and that it comes in a single lump that's large enough that I
don't have a lot of overhead in processing it. Sure, you could
gpg sign individual patch mails and then check signatures when
doing git am, but I don't do that because it would be a complete
pain (and I'm not sure git has built-in tooling for doing it
the way it does with gpg signed tags and merges). So I definitely
would bounce an attempt by a submaintainer to send me stuff
as a pile of signed patchmails.

> It *isn't* about pull vs. email. That's just the transport mechanism.
> There may be a correlation, but it isn't important.

Right, but Laszlo didn't ask "why pull requests", he asked
"why signed pull requests", to which the answer is "because
of the trust implied by the way our workflow uses pullreqs".

-- PMM

reply via email to

[Prev in Thread] Current Thread [Next in Thread]