How do I avoid GPG-signing others' commits?

3

2

I've set a global Git config commit.gpgsign = true to automatically sign commits that I make. However, when I rebase or cherry-pick commits, it seems to sign all of them, even if I'm not the author.

How can I tell Git to sign only commits which I authored, automatically? (I realize I could handle each commit manually, but I'd rather not perform a special action for each commit I do or don't want to sign.)

jtbandes

Posted 2016-09-02T16:48:25.480

Reputation: 8 350

IMHO, since rebasing or cherry-picking tend to alter the actual changes a commit did (e.g. apply the same diff on different code), it makes a bit of sense that you would also be considered partially responsible for those changes... – user1686 – 2016-09-02T17:21:14.897

That's an interesting point. I guess it depends upon the workflow and mutual understandings of trust that everyone using a repo has. From a simplistic perspective, it seems like I wouldn't really want to be responsible for others' commits in most cases. I might want to be seen as responsible for having moved/rebased the commits, but there isn't really a way of indicating that except perhaps in the commit message. – jtbandes – 2016-09-02T18:44:16.677

The GPG support in git is less about proving who authored a commit and more about determining who let certain code into the (trusted) repository. – Boycott SE for Monica Cellio – 2016-09-07T22:19:48.253

No answers