
Most pull requests are the url of a repo and the name of a branch. Without a sha1, those aren't tamper-proof.

Another option is to make pull requests for signed tags, which build on GPG trust; or to GPG-sign a pull request email containing a sha1.

- https://lwn.net/Articles/473220/

- http://git-blame.blogspot.com/2012/01/using-signed-tag-in-pu...
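An added example, not part of the comment above: it recomputes git's object ids in pure Python to show that a commit sha1 covers the file contents, while a branch name is only a movable pointer. The names `commit_id` and `tip_to_merge`, the repository URL, and the sample files are hypothetical, and the tree encoding handles only a flat directory of regular files.

```python
import hashlib

def git_object_id(kind, body):
    # Git hashes "<kind> <size>" + NUL + body with SHA-1.
    return hashlib.sha1(f"{kind} {len(body)}".encode() + b"\0" + body).hexdigest()

def tree_body(files):
    # Flat tree of regular files: "100644 <name>" + NUL + raw 20-byte blob id, sorted by name.
    out = b""
    for name in sorted(files):
        blob = bytes.fromhex(git_object_id("blob", files[name]))
        out += b"100644 " + name.encode() + b"\0" + blob
    return out

def commit_id(files, message):
    # Root commit (no parent); the id covers the tree, the identities and the message.
    tree = git_object_id("tree", tree_body(files))
    ident = "Dev <dev@example.invalid> 1700000000 +0000"  # constructed identity
    body = f"tree {tree}\nauthor {ident}\ncommitter {ident}\n\n{message}\n"
    return git_object_id("commit", body.encode())

def tip_to_merge(request, remote_refs):
    # Resolve the branch as a fetch would; refuse if a pinned sha1 no longer matches.
    tip = remote_refs[request["branch"]]
    pinned = request.get("sha1")
    if pinned is not None and pinned != tip:
        raise ValueError(f"{request['branch']} is at {tip[:12]}, request pinned {pinned[:12]}")
    return tip

# Constructed sample data: the commit that was reviewed, and the branch after it moved.
REVIEWED = commit_id({"install.sh": b"echo hello\n"}, "Add installer")
MOVED = commit_id({"install.sh": b"echo changed after review\n"}, "Add installer")
REMOTE_BEFORE = {"feature": REVIEWED}
REMOTE_AFTER = {"feature": MOVED}  # same branch name, different content

UNPINNED = {"url": "https://git.example.invalid/repo.git", "branch": "feature"}
PINNED = dict(UNPINNED, sha1=REVIEWED)

if __name__ == "__main__":
    # URL + branch only: whatever the branch points at now is what gets merged.
    print("unpinned merges:", tip_to_merge(UNPINNED, REMOTE_AFTER)[:12])
    try:
        tip_to_merge(PINNED, REMOTE_AFTER)
    except ValueError as err:
        print("pinned request refused:", err)
```

The pinned sha1 only helps if the request itself reaches the maintainer unmodified, which is the gap the signed tag or GPG-signed email closes.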


