为什么Git需要签名推送？

Question

在为Git 2.2.0发行说明，它描述了一个新的选择git push，--signed：

"git push" learned "--signed" push, that allows a push (i.e. 
request to update the refs on the other side to point at a new 
history, together with the transmission of necessary objects) to be 
signed, so that it can be verified and audited, using the GPG 
signature of the person who pushed, that the tips of branches at a 
public repository really point the commits the pusher wanted to, 
without having to "trust" the server. 

所以，它听起来就像推在数据被发送到服务器的签名，以便服务器可以验证并记录是谁推动的。在man pages可以证实这一点：

--signed 
    GPG-sign the push request to update refs on the receiving side, 
    to allow it to be checked by the hooks and/or be logged. See 
    git-receive-pack[1] for the details on the receiving end. 

你看在man pages for git-receive-pack下pre-receive和post-recieve钩，看看究竟如何验证签名的推动。

似乎所有这些都有助于服务器验证谁在进行推送的确实是他们所说的他们。

git push --signed如何帮助您（推者）不必“信任”服务器？到目前为止我所见过的一切似乎都表明它可以帮助服务器信任你。更重要的是，为什么签名提交和签名标签不足以推送到不受信任的服务器？为什么我们甚至需要签名推送？

Answer 1

这里是从commit message摘录介绍了签署推动：

While signed tags and commits assert that the objects thusly signed 
came from you, who signed these objects, there is not a good way to 
assert that you wanted to have a particular object at the tip of a 
particular branch. My signing v2.0.1 tag only means I want to call 
the version v2.0.1, and it does not mean I want to push it out to my 
'master' branch---it is likely that I only want it in 'maint', so 
the signature on the object alone is insufficient. 

The only assurance to you that 'maint' points at what I wanted to 
place there comes from your trust on the hosting site and my 
authentication with it, which cannot easily audited later. 

因此，即使提交签字，你不能确保所提交的作者的意图被推到分支master或分支super-experimental-feature。签名推送允许服务器保存每个推送事件及其签名的记录。然后可以验证这个日志，看看每个提交的确是打算在一个特定的分支上。