14 May
2019
14 May
'19
11:40 p.m.
On Tue, May 14, 2019 at 03:50:18PM -0400, Chris Laprise wrote:
When I look at review.coreboot.org and the patches have logged commits (ostensibly, these are at least hashed) and I see "Patrick Georgi" as reviewer... there is no assurance of fidelity from those records?
So what is it you're missing that you require signatures for patches?
FWIW Gerrit (the software driving review.coreboot.org) supported signed pushes, but I don't think many people are aware of that or use the feature.
It's also of somewhat limited use as Gerrit cherry-picks into master which loses the signature again.
Patrick
--
Google Germany GmbH, ABC-Str. 19, 20354 Hamburg
Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado