From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1SaTwv-0000xD-08 for garchives@archives.gentoo.org; Fri, 01 Jun 2012 15:39:37 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id C9B8AE049A; Fri, 1 Jun 2012 15:39:18 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 56F6EE0738 for ; Fri, 1 Jun 2012 15:38:30 +0000 (UTC) Received: from pomiocik.lan (77-253-135-71.adsl.inetia.pl [77.253.135.71]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: mgorny) by smtp.gentoo.org (Postfix) with ESMTPSA id 28E161B400F; Fri, 1 Jun 2012 15:38:27 +0000 (UTC) Date: Fri, 1 Jun 2012 17:39:39 +0200 From: =?UTF-8?B?TWljaGHFgiBHw7Nybnk=?= To: gentoo-dev@lists.gentoo.org Cc: kentfredric@gmail.com Subject: Re: [gentoo-dev] Re: Portage Git migration - clean cut or git-cvsserver Message-ID: <20120601173939.6bc00c6e@pomiocik.lan> In-Reply-To: References: <3375796.AWLuLamy3m@grenadine> Organization: Gentoo X-Mailer: Claws Mail 3.8.0 (GTK+ 2.24.10; x86_64-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA256; boundary="Sig_/ejZAwd1Cm23dRIs8BqHfci5"; protocol="application/pgp-signature" X-Archives-Salt: 36eeb28c-6b13-4b9a-9608-0fa436135a09 X-Archives-Hash: b5808cebe5cc3b5fe1ad7f3e4427862b --Sig_/ejZAwd1Cm23dRIs8BqHfci5 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Sat, 2 Jun 2012 03:25:43 +1200 Kent Fredric wrote: > On 2 June 2012 03:12, Andreas K. Huettel wrote: > >> "git cat-file -p $sha" is as close as you can get to commit objects > >> without needing to write your own decompressing wrapper. =C2=A0But it > >> gives the same results. > > > > Now, does the "signed data" also contain the parent sha? > > > > If yes, our discussion about rebasing is moot, because a rebase > > will in every case destroy previous signatures. > > >=20 > Yes. Which basically means, you *cannot* have both >=20 > a) rebase only merges > and > b) every commit must be signed >=20 > as policies. >=20 > At very best, I think either > a) a future git might support signed rebases ( ie: replacing existing > signatures with new signatures in the name of the person performing > the rebase ) > or > b) somebody could write a wrapper that provides signed-rebase support > until git get around to implementing it natively. >=20 > and even then, you're going to lose original signing info ( Though, > thats no worse than the signer of the manifest file changing every > sign ) Yes, it's no worse so we're practically considering implementing a very complex mechanism for no real benefit. As I see it, as good would be only requiring some kind of 'top-level' commits to be signed. For example, if one does merge a branch to the tree, a signed merge commit should already be good enough for us. Not sure if git is able to do that, however... --=20 Best regards, Micha=C5=82 G=C3=B3rny --Sig_/ejZAwd1Cm23dRIs8BqHfci5 Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iJwEAQEIAAYFAk/I4jwACgkQfXuS5UK5QB1gzwP+N6lLKd4r71yX0mvAcNY1+87W XGf0jE0YcU/Ty9RzjYPZ9BAyhg5INWIo1abZuayAAmhmgwlrXxEibCfELwI3AUB7 Q6H2CnccumB3HYuLhBwMZBI7FtGDcA1EhbhT5XhBClowcwXg4ZGnexTQ6AGpAVgt odqK4TDU32go2w9RApY= =Rx6s -----END PGP SIGNATURE----- --Sig_/ejZAwd1Cm23dRIs8BqHfci5--