[openstack-dev] Please do use PGP and PGP signed tags!

Michael Still mikal at stillhq.com
Sat Feb 9 21:21:38 UTC 2013


On Sun, Feb 10, 2013 at 4:41 AM, Thomas Goirand <zigo at debian.org> wrote:
> Hi everyone!
>
> As you may know, I am the person doing the packaging of OpenStack in
> Debian. So uploading stuff in Debian is my responsibility. I've been
> trying to shout to everyone that they should be using PGP signed tags on
> GitHub, but the message doesn't seem to be received well enough, even
> though core repositories are signed (I could check that ttx's signature is
> in all core projects, so we're safe here). But that's not true for many
> smaller python modules.

I had a play with this, but I haven't had a lot of luck. It turns out
to sign a commit you can just do:

  git commit -a --gpg-sign

But the signature doesn't appear in git log output unless you use the
--show-signature flag. I _think_ that means it won't end up getting
sent to gerrit, so me signing locally isn't the most useful thing
ever.

Am I misunderstanding something?

Michael
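
Added example, not part of the original message or of any OpenStack tooling: git stores a commit signature in a `gpgsig` header inside the commit object itself, so it is part of what a push transfers, and `git log` only hides it unless `--show-signature` is given. The Python below parses a raw commit in the form `git cat-file commit <rev>` prints, extracts the signature, and rebuilds the text the signature covers; the sample commit and the function names are constructed for illustration.

```python
# Constructed sample in the form printed by `git cat-file commit <rev>`.
SAMPLE_COMMIT = (
    "tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904\n"
    "author A Developer <dev@example.org> 1360444898 +0000\n"
    "committer A Developer <dev@example.org> 1360444898 +0000\n"
    "gpgsig -----BEGIN PGP SIGNATURE-----\n"
    " \n"
    " CONSTRUCTEDPLACEHOLDERSIGNATUREDATA\n"
    " -----END PGP SIGNATURE-----\n"
    "\n"
    "Fix typo in README\n"
)

def parse_headers(raw):
    """Return (key, value) header pairs; a leading space continues the previous value."""
    head = raw.partition("\n\n")[0]
    headers = []
    for line in head.split("\n"):
        if line.startswith(" ") and headers:
            key, value = headers[-1]
            headers[-1] = (key, value + "\n" + line[1:])
        else:
            key, _, value = line.partition(" ")
            headers.append((key, value))
    return headers

def extract_signature(raw):
    """Return the armored signature stored in the commit, or None if unsigned."""
    return dict(parse_headers(raw)).get("gpgsig")

def signed_payload(raw):
    """Return the commit with its gpgsig header removed: the text the signature covers."""
    head, sep, message = raw.partition("\n\n")
    kept, skipping = [], False
    for line in head.split("\n"):
        if line.startswith("gpgsig "):
            skipping = True
        elif not (skipping and line.startswith(" ")):
            skipping = False
            kept.append(line)
    return "\n".join(kept) + sep + message

if __name__ == "__main__":
    print("signed:", extract_signature(SAMPLE_COMMIT) is not None)
    print(signed_payload(SAMPLE_COMMIT))
```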


