Why not use GNU diff format diffs with GPG signatures?
• Classical diffs don’t do binary very well. • GPG as a subprocess is slow, tricky and fragile; using the botan crypto library in-process is fast, simple and reliable. • Classical diffs may be whitespace-mangled, which invalidates signatures, so you need to ascii-armor it anyways. • OpenPGP packet format is quite baroque, we need much less than it can do. • The web of trust is useful for verifying that the name on a key matches the name on a passport. It isn’t very useful for verifying that the holder of a key should have commit access to your project. We like to trust keys based on the quality of the code they sign, not based on the name attached to them. (In fact, every VCS we know of that does use ?OpenPGP keys doesn’t leverage the web of trust at all, but rather requires you to explicitly upload each key you want to trust.) • In the rare case where you do know that the person whose passport says “Jane Doe” is a hotshot coder who should definitely have commit access, you can always