ENH: GPG signatures, branch-environment map (GitFS/HgFS workflow)

This is probably two or more issues.

Objective: Verify all policy changes (change control)
#### Current Workflow
1. Fork
2. Merge in from upstream
   - see: Signatures
3. Merge up to environment branches
   - `gifs_base` defaults to `master`
   - see: Branch-Environment Map

**Is there a better way?**
#### Signatures

It could be helpful to only pull from signed tags and commits.
- https://github.com/saltstack/salt/blob/develop/salt/fileserver/gitfs.py#L973 (`find_file`)
- https://github.com/saltstack/salt/blob/develop/salt/fileserver/hgfs.py#L409 (`find_file`)

**[GitPython](https://github.com/gitpython-developers/GitPython/)**
- https://github.com/gitpython-developers/GitPython/pull/124

**[pygit2](https://github.com/libgit2/pygit2)**
- https://github.com/libgit2/pygit2/search?q=gpg

**[mercurial](http://selenic.com/hg)**
- http://mercurial.selenic.com/wiki/GpgExtension
- http://selenic.com/hg/file/tip/hgext/gpg.py#l142 (`hg sigs` (`sigs`))
- http://selenic.com/hg/file/tip/hgext/gpg.py#l167 (`hg sigcheck` (`check`))
  - would be great if it was possible to specify a limited set of keys

OS Packages
- https://wiki.debian.org/SecureApt#How_to_tell_if_the_key_is_safe
- https://docs.fedoraproject.org/en-US/Fedora/12/html/Deployment_Guide/s1-check-rpm-sig.html
- https://wiki.archlinux.org/index.php/pacman-key
- https://wiki.freebsd.org/pkgng
- http://www.tedunangst.com/flak/post/signify
- http://wiki.gentoo.org/wiki/GLEP:57#System_Elements


#### Branch-Environment Map
**Existing**
- [gitfs_base](http://docs.saltstack.com/en/latest/ref/configuration/master.html#gitfs-base)
- [gitfs_env_whitelist](http://docs.saltstack.com/en/latest/ref/configuration/master.html#gitfs-env-whitelist)
- [gitfs_env_blacklist](http://docs.saltstack.com/en/latest/ref/configuration/master.html#gitfs-env-blacklist)
- [hgfs_base](http://docs.saltstack.com/en/latest/ref/configuration/master.html#hgfs-base)
- [hgfs_env_whitelist](http://docs.saltstack.com/en/latest/ref/configuration/master.html#hgfs-env-whitelist)
- [hgfs_env_blacklist](http://docs.saltstack.com/en/latest/ref/configuration/master.html#hgfs-env-blacklist)

**Possible**
- `gitfs_env_map` : `re.match(branch) <--> environment_name_template`

Value: Could sign commits/tags (e.g. of a formula) without clobbering existing branch[es].


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

ENH: GPG signatures, branch-environment map (GitFS/HgFS workflow) #12183

Current Workflow

Signatures

Branch-Environment Map

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

ENH: GPG signatures, branch-environment map (GitFS/HgFS workflow) #12183

Description

Current Workflow

Signatures

Branch-Environment Map

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions