Re: How to gpg signed email patches?


 



"Matt Hunter" <m@xxxxxxxxx> writes:

> Hi
>
> On Sun Apr 13, 2025 at 3:17 PM EDT, Klaus Frank wrote:
>> how do I get "git send-email" to send the patches gpg signed? I tried
>> first signing the commit but after spending time looking into the
>> documentation I couldn't work out how to do it. All I discovered so far
>> is that the "git send-email" appears to be using "git format-patch"
>> internally and that's where it currently gets lost.
>
> There's a conceptual issue with mailing patches from signed commits.
> Once your patch recipient goes to apply it to their branch, they are
> recorded as the "committer" identity of the new commit object.  This
> would break the validity of any existing signature.
>
> This is likely the reason why the related git tools (format-patch, am)
> ignore this information.
>
> You may have also noticed that commands like git-rebase and
> git-cherry-pick will drop signatures from commits as well, since they
> are being replayed onto a different history, changing the commit data.

Very well said.  Protecting the e-mail with GPG is a job for the
MUA/MSA, and that is independent from the signature used to sign
objects like commits and tags, so the signature over objects cannot
be reused by programs like send-email.

But send-email may not have an option to wrap its payload in S/MIME
or PGP, which can be a separate project worth looking into.

Thanks.
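
An added illustration, not part of the original messages: a Python model of why a commit signature cannot survive being mailed and applied. The identities, timestamps, parent id and key are constructed, and an HMAC stands in for the GPG signature so the example runs without gpg or git.

```python
import hashlib
import hmac

# Constructed sample values; none of them come from the thread.
TREE = "4b825dc642cb6eb9a060e54bf8d69288fbee4904"   # git's well-known empty tree
PARENT = "1" * 40                                    # placeholder parent id
KEY = b"constructed-contributor-key"                 # stand-in for a GPG key


def commit_body(author, committer, message, tree=TREE, parent=PARENT):
    """Bytes of a commit object before a gpgsig header is added.
    These are the bytes a commit signature is computed over."""
    return (f"tree {tree}\nparent {parent}\n"
            f"author {author}\ncommitter {committer}\n"
            f"\n{message}\n").encode()


def sign(body):
    """Stand-in for a detached GPG signature: a keyed digest of the same bytes."""
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()


def verify(body, signature):
    return hmac.compare_digest(sign(body), signature)


def object_id(body):
    """SHA-1 object id git assigns to a commit with this body."""
    return hashlib.sha1(b"commit %d\0" % len(body) + body).hexdigest()


def mailed_fields(body):
    """What a patch e-mail carries over besides the diff: author line and message."""
    head, _, message = body.decode().partition("\n\n")
    author = next(line[len("author "):] for line in head.split("\n")
                  if line.startswith("author "))
    return author, message.rstrip("\n")


def demo():
    contributor = "Contributor <contributor@example.org> 1744571820 -0400"
    maintainer = "Maintainer <maintainer@example.org> 1744658220 -0700"
    original = commit_body(contributor, contributor, "fix: handle empty input")
    signature = sign(original)
    # Applying the mail keeps the author but records the applier as committer.
    # The parent is kept equal here to isolate the effect of that one line.
    author, message = mailed_fields(original)
    applied = commit_body(author, maintainer, message)
    return {"original_verifies": verify(original, signature),
            "applied_verifies": verify(applied, signature),
            "author_preserved": author == contributor,
            "same_object_id": object_id(original) == object_id(applied)}
```

The author line and message arrive intact, yet the signed bytes and the object id both change because the committer line is part of what was signed.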





