From: Brian Harring <ferringb@gmail.com>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Git braindump: 1 of N: merging & git signing
Date: Mon, 4 Jun 2012 12:10:00 -0700
Message-ID: <20120604191000.GA3692@localhost>
In-Reply-To: <CAKmKYaCEjjwu-UnY9guBmKWwK+Wtrz49ie_5z=gdm1AUZhcWDg@mail.gmail.com>
On Mon, Jun 04, 2012 at 08:45:42PM +0200, Dirkjan Ochtman wrote:
> On Mon, Jun 4, 2012 at 7:25 PM, Rich Freeman <rich0@gentoo.org> wrote:
> > Anything we do has to be automated to be of any real value. Ideally
> > if something goes wrong it should be as detectable as possible.
>
> Yeah, but you'd have to part of that at every developer's box.
>
> Can we just agree that having the tip of the main tree always signed
> will be enough for now, and postpone the rest of the discussion until
> later?
ToT is always going to be signed. If it *isn't* signed, either the
infra machinery is broken and not rejecting commits that it should
reject, or someone is trojaning the repo (either via an infra
compromise, local compromise, or via man in the middle).
One thing people need to keep in mind here is that when you sign the
commit, you're signing off on the history implicitly. Directly
addressing freeman's comment about "people sign the manifest but don't
look at what they're signing", when it comes to git signage, bluntly,
people doing that shouldn't have access- if they can't be arsed to
validate what they're signing, then trusting them w/ the tree is
probably questionable.
Harsh, but frankly, sane people don't sign enforceable contracts w/out
verifying what they're signing (note the 'enforceable' bit, stated to
head off the EULA rathole discussion); this isn't any different
frankly.
~harring
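The "ToT is always signed, and if it isn't, infra or the repo is broken" expectation above can be checked mechanically. The script below is an added example (not Brian Harring's code and not Gentoo infra's hook): it reads the output of `git log --format='%H %G? %GK'`, flags the tip and any commit behind it that lacks a good signature, and optionally rejects signatures from keys outside an allow-list. The sample log lines and key ids are constructed.

```python
"""Verify that the tip of a branch, and the history behind it, is signed."""
import subprocess
from typing import Dict, List, Optional, Set, Tuple

# Meaning of git's %G? status letter (git-log(1), PRETTY FORMATS).
GOOD: Set[str] = {"G"}  # good signature from a fully trusted key
REASONS: Dict[str, str] = {
    "B": "bad signature",
    "U": "good signature, key not trusted",
    "X": "good signature, but expired",
    "Y": "good signature by an expired key",
    "R": "good signature by a revoked key",
    "E": "cannot check signature (key missing)",
    "N": "no signature",
}

def parse_log(text: str) -> List[Tuple[str, str, str]]:
    """Turn '<sha> <status> [<keyid>]' lines into (sha, status, keyid) rows."""
    rows = []
    for line in text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) < 2:
            continue  # blank or malformed line
        key = parts[2].strip() if len(parts) > 2 else ""
        rows.append((parts[0], parts[1], key))
    return rows

def tip_is_signed(rows: List[Tuple[str, str, str]]) -> bool:
    """git log prints newest first, so rows[0] is the tip of tree."""
    return bool(rows) and rows[0][1] in GOOD

def find_problems(rows: List[Tuple[str, str, str]],
                  allowed_keys: Optional[Set[str]] = None) -> List[Tuple[str, str]]:
    """Return (sha, reason) for every commit that should be rejected."""
    problems = []
    for sha, status, key in rows:
        if status not in GOOD:
            problems.append((sha, REASONS.get(status, "unknown status " + status)))
        elif allowed_keys is not None and key not in allowed_keys:
            problems.append((sha, "signed by key not on allow-list: " + key))
    return problems

def check_repo(rev_range: str = "HEAD~50..HEAD",
               allowed_keys: Optional[Set[str]] = None) -> List[Tuple[str, str]]:
    """Run git on a real repository and report rejected commits."""
    out = subprocess.run(["git", "log", "--format=%H %G? %GK", rev_range],
                         capture_output=True, text=True, check=True).stdout
    return find_problems(parse_log(out), allowed_keys)

# Constructed sample output (hashes and key ids are placeholders).
SAMPLE_LOG = "aaaa0001 G 0123456789ABCDEF\nbbbb0002 N \ncccc0003 U FEDCBA9876543210\n"
```

A good signature only proves which key signed; it says nothing about whether the signer actually reviewed the history they signed off on, which is the separate point the mail makes.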