it'd be nice if github had better support for rewriting history as part of a PR review process, even something really basic like squashing groups of commits
1
2
31
Conversation
Replying to
squashing on the server would break commit signing. nonetheless, yeah, it would be nice if it handled it better.
2
8
It's stripped away by their squashing and rebasing options for merging pull requests.
Git's commit signing is very flawed regardless. The signatures are hard-wired into the objects instead of being notes so there can only be one and it can't be updated if a key rotation happens.
1
1
The signatures only sign the object they get embedded into and otherwise depend on a graph of SHA-1 hashes to provide security. It's pretty far from ideal. It'd ideally use Git notes for detached signatures and wouldn't hard-wire GPG as the only option, among other things.