Date: Thu, 12 Jul 2018 15:52:56 +1200
From: Kent Fredric
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] [RFC] Requiring gentoo.git committers to use their @gentoo.org address
Message-ID: <20180712153607.6cf7544e@katipo2.lan>
In-Reply-To: <1531125622.1159.11.camel@gentoo.org>
References: <1531125622.1159.11.camel@gentoo.org>
Organization: Gentoo

On Mon, 09 Jul 2018 10:40:22 +0200
Michał Górny wrote:

> Hi,
>
> We currently don't enforce any particular standard for e-mail addresses
> for developers committing to gentoo.git. FWICS, the majority of
> developers is using their @gentoo.org e-mail addresses. However, a few
> developers are using some other addresses.
>
> Using non-@gentoo.org e-mail addresses generally causes problems
> in accounting for commits. For example, our retirement scripts can't
> detect commits made using non-Gentoo e-mail address. My dev-timeline
> scripts [1] account for all emails in LDAP (which doesn't cover all
> addresses developers use). FWIK gkeys accounts for all addresses
> in the OpenPGP key UIDs. In my opinion, that's a lot of hoops to jump
> through to work around bad practice.
>
> Therefore, I'd like to start enforcing (at the level of the hook
> verifying signatures) that all commits made to gentoo.git (and other
> repositories requiring dev signatures) are made using @gentoo.org e-mail
> address (for committer field).
>
> Is anyone opposed to that? Does anyone know of a valid reason to use
> non-@gentoo.org address when committing?
>
> [1]:https://dev.gentoo.org/~mgorny/dev-timeline.html
>

There's one fun problem here technologically for proxy-maint, but
getting the conditions right for it to occur happens very rarely.

1. Assume the proxied maintainer has a git repo, where they commit
   themselves.
2. Assume their proxy has said git repo as an alternative remote, for
   which they relay work. ( That is, they work closely together
   directly instead of via github pull requests and textual patches )
3. ::gentoo is quiet, and the proxied maintainer has rebased their own
   work on top of ::gentoo, setting Committer: metadata and signing
   commits.

Then, in that situation, it is trivial for the proxy to relay those
commits verbatim to ::gentoo, without changing either Committer: or
signature data.

Standard git tools will not attempt to even *change* these commits even
with an explicit rebase, because Git will detect that nothing needs to
change, and will no-op the rebase, leaving Committer and Signatures
intact, degrading to a fast-forward merge.

It seems like it would happen not-very-often, but ...

  git log --show-signature --format=fuller --committer=".*@\([^g]\|g[^e]\)"

Well, the last example happened in 2017, so maybe something happened
*since* then that prevented this situation occurring via other means?
*shrug*

commit 76eb43412b532a045d92d524dfa5ed1b1bcca671
Author:     Michael Mair-Keimberger
AuthorDate: 2017-10-02 02:47:28 +1300
Commit:     Michael Mair-Keimberger
CommitDate: 2017-10-10 07:45:09 +1300

To the best of my knowledge, Michael isn't a Gentoo Dev.
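
An added example, not part of the original message and not Gentoo's actual hook: a sketch of the committer-address check proposed in the thread as it could run in a server-side update hook. It compares the committer e-mail (`%ce`) exactly against the allowed domain, where the one-liner's regex only approximates it by looking at the first two letters of the domain. The function names, `ALLOWED_DOMAIN` and the sample lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: committer-address check for a server-side update hook.
# ALLOWED_DOMAIN and all function names are assumptions for illustration.
ALLOWED_DOMAIN="gentoo.org"

# Read "<sha> <committer-email>" lines on stdin and print the lines whose
# address is not exactly <local>@$ALLOWED_DOMAIN (case-insensitive).
# Returns 0 when every line passes, 1 when at least one line was printed.
filter_bad_committers() {
    awk -v dom="$ALLOWED_DOMAIN" '
        {
            email = tolower($2)
            at = index(email, "@")
            # One "@", a non-empty local part, and a domain equal to dom.
            ok = (at > 1 && index(substr(email, at + 1), "@") == 0 &&
                  substr(email, at + 1) == tolower(dom))
            if (!ok) { print; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }'
}

# Hook entry point: git runs an update hook as <ref> <old> <new>.
# A fast-forward push keeps the original Committer, so %ce is what the
# proxied maintainer set, not the address of whoever pushed.
check_push() {
    old=$2 new=$3
    case $new in *[!0]*) ;; *) return 0 ;; esac   # ref deletion: nothing to check
    case $old in
        *[!0]*) git log --format='%H %ce' "$old..$new" ;;
        *)      git log --format='%H %ce' "$new" --not --all ;;   # new ref
    esac | filter_bad_committers
}

# Constructed sample input (not real commits), shaped like the git log output.
sample_lines() {
    cat <<'EOF'
1111111111111111111111111111111111111111 dev@gentoo.org
2222222222222222222222222222222222222222 proxied@example.org
3333333333333333333333333333333333333333 Dev@Gentoo.Org
4444444444444444444444444444444444444444 someone@geek.example
5555555555555555555555555555555555555555 dev@gentoo.org.example.net
EOF
}
```

Running `sample_lines | filter_bad_committers` prints the three rejected lines, including the `geek.example` address, which a regex that only tests for a domain not starting with "ge" would let through.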