Initial changes or the new iteration

Significant rework of the proposal, which drops a lot of complexity. It
is now simpler and a lot less dependent on the output of "git mailinfo"
never changing (which was the part that I liked least of all). We lose
some neat functionality, such as ability to track whether the change was
in patch metadata, commit message, or patch itself, but on the upside we
no longer have to parse the patch itself.

This version also puts in-git key distribution at the center, because I
believe the main difficulty with adopting developer attestation is in
handling key distribution. If we borrow the idea of using git itself
from did:git folks, then we sidestep a lot of complexity and reliance on
external services.

Dumber and simpler is always better than clever and more likely to fail,
so I'm promoting this to "beta" and will work on library and b4 tooling

Signed-off-by: Konstantin Ryabitsev <>
34 files changed