Date: Mon, 4 Jun 2012 10:48:21 -0400
Message-ID: <CAGfcS_mHA=pfY4AwS6pwwWQW=K1SotQLiWna1ks0dNvQ4vwe1w@mail.gmail.com>
Subject: Re: [gentoo-dev] Git braindump: 1 of N: merging & git signing
From: Rich Freeman <rich0@gentoo.org>
To: gentoo-dev@lists.gentoo.org

On Mon, Jun 4, 2012 at 10:26 AM, Dirkjan Ochtman <djc@gentoo.org> wrote:
> On Mon, Jun 4, 2012 at 4:18 PM, Rich Freeman <rich0@gentoo.org> wrote:
>> How do you KNOW that the nearest signed descendant actually merged it?
>>
>> How do you know it wasn't added by a hacker?
>
> Because then the signature for the nearest signed descendant wouldn't
> check out (unless it got hacked before he signed it, of course, but in
> that case hopefully he wouldn't sign it...).

When I do a cvs commit, I don't check the logs to make sure the last
25 commits all look valid.  So, why would I expect others to do any
differently in git?  I make my changes, I run a git pull (bringing in
the hacked commit on gentoo-x86 master), and then merge/rebase in my
changes, signing my commit (which indicates that what _I_ just
committed is good, not that everything before is good).  I am not the
one committing in hacked files - they were there before I got there.

>
> Of course, we'd have to make sure the tip of whatever is pushed is
> always signed, but the hook for that should be trivial.

Yup, but the hacker wouldn't run the hook.

Rich
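
Added example, not part of the original message or of any Gentoo tooling: a client-side check that audits the signature status of every commit a fetch brought in, rather than trusting a signed tip. The function names, the default range `HEAD..origin/master` and the sample log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Audit every commit in a range, not only the tip.
# Input lines have the form printed by `git log --format='%H %G? %an'`:
#   <hash> <status> <author>
# %G? status letters: G = good signature, N = no signature,
# B = bad signature, U = good signature of unknown validity,
# E = signature cannot be checked (for example, missing key).

# Print "<hash> <status>" for each commit whose status is not G.
# Reads log lines on stdin; exit status is 1 if any commit fails, else 0.
untrusted_commits() {
    awk '$2 != "G" { print $1, $2; bad = 1 } END { exit bad + 0 }'
}

# Audit what a fetch brought in before merging it.
# The default range (local HEAD versus origin/master) is an assumption.
audit_range() {
    range=${1:-HEAD..origin/master}
    git log --format='%H %G? %an' "$range" | untrusted_commits
}

# Constructed sample: the tip (first line) is signed, but an unsigned
# commit sits underneath it, which is the case argued about above.
sample_log() {
    cat <<'EOF'
1111111111111111111111111111111111111111 G Developer A
2222222222222222222222222222222222222222 N Unknown
3333333333333333333333333333333333333333 G Developer B
EOF
}
```

Run `git fetch` and then `audit_range` before merging. A status of G only says the signature verifies against a key in the local keyring, so the keyring still has to be limited to keys that are allowed to commit.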