From: Rich Freeman
To: gentoo-dev@lists.gentoo.org
Date: Mon, 4 Jun 2012 15:27:03 -0400
Subject: Re: [gentoo-dev] Git braindump: 1 of N: merging & git signing
In-Reply-To: <20120604191000.GA3692@localhost>
References: <20120604191000.GA3692@localhost>
List-Id: Gentoo Linux mail

On Mon, Jun 4, 2012 at 3:10 PM, Brian Harring wrote:
> One thing people need to keep in mind here is that when you sign the
> commit, you're signing off on the history implicitly. Directly
> addressing freeman's comment about "people sign the manifest but don't
> look at what they're signing", when it comes to git signage, bluntly,
> people doing that shouldn't have access- if they can't be arsed to
> validate what they're signing, then trusting them w/ the tree is
> probably questionable.

I suspect that you're missing my point. The argument was made that as long as merge commits are signed you know that unsigned commits referenced by them are OK. However, some of those commits might have been already in gentoo-x86 and I doubt that anybody is going to check those.

If I have a perfect commit, I do a git pull and a git push and the result is a merge that references whatever was in gentoo-x86 before, whether placed there by dev, or hacker, or whatever. Unless I go back and review the existing gentoo-x86 history (and likely have to repeat the process when somebody else does a push before I do), I can't vouch for what was in there already - just what I'm adding.

The reason I mentioned manifests is that they have the same issue. If I keyword an arch on foo-1.4.5, I sign the manifest. That doesn't mean that I checked every file in the package's directory tree for issues. At most I checked foo-1.4.5, but I can't sign off on just 1.4.5 - I have to sign off on everything. Also, when I sign off on 1.4.5, I'm really just signing off for the keyword change, not the piece of buggy code I didn't write on line 37 of the ebuild.

Of course when merging a pile of commits into the tree you should check all of them to make sure they're fine (or rather that the end result of them is fine - no absolute need to squash together bug introductions and fixes even if that is nicer). However, I'm not sure I'd extend that to checking commits ALREADY in gentoo-x86 made by some other dev. The general principle is that if you change something in the tree, you should be responsible for what you changed, and that makes sense.

Rich
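The gap discussed in this message (a signed merge commit at the tip says nothing about whether the ancestor commits it references were ever signed) can be closed by checking every commit's own signature status rather than only the tip's. The script below is an added example, not code from the thread or from Gentoo's infrastructure; `audit_signatures`, `count_unverified` and the sample log are assumed names and constructed data, and the `%G?` placeholder is git's own per-commit signature status field.

```shell
# Added example: audit per-commit signature status instead of trusting
# only the signed merge at the tip of the branch.
# git's %G? format placeholder yields one status letter per commit:
#   G = good signature      U = good signature, key not trusted yet
#   B = bad signature       E = cannot be checked (key missing)
#   N = no signature        X/Y/R = good but expired, or key revoked

# audit_signatures: read "<hash> <status>" lines on stdin, print every
# commit that is not verifiably signed, return 1 if any were found.
audit_signatures() {
    unsigned=0
    while read -r hash status; do
        [ -n "$hash" ] || continue
        case "$status" in
            G|U) ;;                         # verified (U: still untrusted key)
            *)   printf 'UNVERIFIED %s %s\n' "${status:-?}" "$hash"
                 unsigned=$((unsigned + 1)) ;;
        esac
    done
    [ "$unsigned" -eq 0 ]
}

# Real use against a repository: check only what a push would add ...
#   git log --format='%H %G?' origin/master..HEAD | audit_signatures
# ... or, as the message argues is rarely done, the history already there:
#   git log --format='%H %G?' origin/master | audit_signatures

# Constructed sample standing in for git log output: a signed merge on
# top of one signed commit, one unsigned commit and one with a missing key.
SAMPLE_LOG='aaaa1111 G
bbbb2222 N
cccc3333 G
dddd4444 E'

# count_unverified: number of commits in the given log text that fail the audit.
count_unverified() {
    printf '%s\n' "$1" | audit_signatures | wc -l | tr -d ' '
}
```

Run on a real history, a non-zero exit from `audit_signatures` is the signal that the signed tip is vouching for commits nobody verified.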