[premchai21]

Darcs's send and apply work on this principle, of course, though I haven't seen it applied to XMPP specifically. As I recall, the manual even has an example of how to add an easy hook in Mutt to apply a patch from email. git diff and git apply are available for single patches, of course, and git format-patch and git am are optimized for the mail case so that multiple commits can be sent at once, though darcs apply has integrated PGP signature checking and at a glance I don't see anything similar in the git versions. git-send-pack and git-receive-pack also have an underlying role not strongly coupled to the overlay transport, but seem to be designed for bidirectional communication so that the repositories can negotiate about which objects they already have.

[dfc]

Git 1.7.9 added the ability to sign commits. Previously you could only sign tags:

  * "git commit" learned "-S" to GPG-sign the commit; this can be shown
   with the "--show-signature" option to "git log".

man git:

  All objects are named by the SHA1 hash of their contents, normally 
  written as a string of 40 hex digits. Such names are globally unique. 
  The entire history leading up to a commit can be vouched for by signing
  just that commit."

[jlgreco]

What would be really nifty would be the ability to add multiple signatures to commits.

Take a commit with signature[s], add a new signature (create a new commit that contains the previous signature[s] (which should still be valid if you don't change anything else) + your own).

I looked into this very briefly and think it should be possible, but didn't go any further than that.

This would I think be neat for creating things like code review systems that require a certain number of signatures from a larger set of potential signers before automatic deployment.

[premchai21]

There's signed commits, yes. Is there also "apply these but only if they have a valid signature from one of these people"? That's what I didn't see.