aboutsummaryrefslogtreecommitdiff
path: root/contrib/verify-commits
AgeCommit message (Collapse)Author
2017-02-01Require merge commits merge branches on top of other merge commitsMatt Corallo
Specifically, require that the left branch (first restult of git show -s --format=format:%P) is a signed merge commit, instead of allowing either. This is fine for now, but might need to be relaxed in the future. Also fixes an out-of-file-descriptors issue by holding too many open FDs writing to /dev/null
2016-09-11[copyright] add MIT license headers to .sh scripts where missingisle2983
Years are set according to 'git log' history
2016-06-18Remove sipa's old revoked key from verify-commitsPeter Todd
Now that the trusted root is past all commits signed by that key we don't need it in the trusted-keys list, nor do we need to whitelist those commits in allow-revsig-commits
2016-06-09Add README for verify-commitsPeter Todd
2016-05-21Remove keys that are no longer used for mergingPeter Todd
Also updated trusted git root to be right after gmaxwell's last merge.
2016-05-21Remove pointless warningPeter Todd
Any attacker who managed to make an evil commit that changed something in the contrib/verify-commits/ directory could just as easily remove the warning and/or modify it to not display the evil commits; telling the user to check those commits specifically misleads them into checking just those commits rather than the script itself.
2016-05-21Make verify-commits path-independentMatt Corallo
2016-05-21Make verify-commits POSIX-compliantMatt Corallo
2016-04-21[contrib] verify-commits: Add MarcoFalke fingerprintMarcoFalke
2015-11-13add jonasschnellis key to git-verify-commits trusted-keysJonas Schnelli
2015-11-06Use Pieter's signing subkey instead of his primary keyMatt Corallo
This commit is signed.
2015-10-27Add Pieter's new PGP key to verify-commits/trusted-keysMatt Corallo
2015-10-23Whitelist commits signed with Pieter's now-revoked keyMatt Corallo
2015-10-22Fix pre-push-hook regexesMatt Corallo
2015-09-14Update trusted-git-root to the most recent unsigned commitMatt Corallo
2014-12-20Add script to verify all merge commits are signedMatt Corallo