From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id D856113832E for ; Mon, 18 Jul 2016 21:21:01 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 7224EE0B32; Mon, 18 Jul 2016 21:20:53 +0000 (UTC) Received: from mail-qt0-f193.google.com (mail-qt0-f193.google.com [209.85.216.193]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 7D217E0B16 for ; Mon, 18 Jul 2016 21:20:52 +0000 (UTC) Received: by mail-qt0-f193.google.com with SMTP id u25so7559729qtb.3 for ; Mon, 18 Jul 2016 14:20:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to; bh=OtbfZOcOQqhqc7umwtZcGIsTxUaEPuMCdWSK66v0Ybk=; b=oeCkW+D3Jw2HUd7bm497eWzahLqKEANPi4DzwijC4Rk6N0PVZfxFNQooSQqIaFH4E2 XEngVy+zKfPoZWtfq8SCvgZMYelJDVd45VpOoFxkQg5xIJ0qvA3gAdh2lmz5vXBkHi76 cOeYD2ZdGNllXX3cXmQOgj8FcoB7RujXRUHK6hpSFW2RW/AnW78bXfC+wQwFzBsGS7zi f3EUPNFeTebKAIrIOqvuHZZfn6cWEnSUrMPyJcktaUuusmqVK5UaWhn5fW/HoWZ5tlmd uC9S09v5SZnRZlJQdRmdhHXWcHQipjAw4SQ+OQS6p+0bB64IzysVcYvtxC782dr/AYFj dI3w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to; bh=OtbfZOcOQqhqc7umwtZcGIsTxUaEPuMCdWSK66v0Ybk=; b=Ukzwtq1NbIjALyf+pHuWBA7RQnNANkZL4Y71wzFcO2kmpVg25rlbnJqkZB3/FOZ8nT qoLS8f+fIH6RWnDvBvaGxSJ8+zABuY9ipJTrm4MAxPFT95kmP7+t4Dup5AyOJOUbi2nE p2L2St7P3xSCi6BCuLLAj4tGmEKZbOYT2L08Fc5INkrZ3gDiaeMMfdKZLxGq4tfFIuPa EdL4sDBlm7rTjjvIY3/7SSIX7XhFBiw/HGIyKC4oe7EviGlx2XBviQH5K7axyFZx9oRM fK7Iu9Ss6uzvWt4IlTx7DyST00qcAFQEw4Vv/Mu/g6tleUf0YxC53hwSciHpwZiMluEu +SyA== X-Gm-Message-State: ALyK8tLk0fnOiBk1kCkdyIdz+PKK7KxGLyB4Kkq1WRL5Lo6/oKd/HuzbE7DaYWYxqodlEIDCJ2Rrbp28a8q6qA== X-Received: by 10.200.37.60 with SMTP id 57mr54376644qtm.82.1468876851459; Mon, 18 Jul 2016 14:20:51 -0700 (PDT) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Sender: freemanrich@gmail.com Received: by 10.140.40.36 with HTTP; Mon, 18 Jul 2016 14:20:50 -0700 (PDT) In-Reply-To: <20160716123309.940bdcbcb2c28d0aa26aa730@gentoo.org> References: <20160716123309.940bdcbcb2c28d0aa26aa730@gentoo.org> From: Rich Freeman Date: Mon, 18 Jul 2016 17:20:50 -0400 X-Google-Sender-Auth: 2C8dF0FOZD1AxjNbJ0HphudZN3I Message-ID: Subject: Re: [gentoo-dev] Signed push & clock drift rejection To: gentoo-dev Content-Type: text/plain; charset=UTF-8 X-Archives-Salt: 8a22d979-1cd5-4370-8ecb-a10d000524d9 X-Archives-Hash: eabbfcb5b6f481928e675e8b7d5258ab On Sat, Jul 16, 2016 at 5:33 AM, Andrew Savchenko wrote: > > On Fri, 15 Jul 2016 18:03:30 +0000 Robin H. Johnson wrote: >> >> The tolerances are presently set to: >> - 5 seconds of clock drift. > > Set it for a minute or two. This will protect from commits from > really out-of-sync systems (like 14 days mentioned above) and will > keep usablity hight for others. I'll defer to infra on how much they can accept, but I tend to think that we can afford to be a bit more liberal. However, I don't think we want to accept things like systems coming out of suspend that are off by hours. > >> - 'git push' must be completed in 60 seconds. > > Why?! What is wrong if push will take 120 seconds? I often commit > from quite an old box and git push takes 20-40 seconds, while this > is within your limits, the margin is not safe. > > What if someone needs to commit via 2G GPRS or similar slow network > link? Afaik we have developers on quite slow and unstable links. > > Just set this limit to 5 minutes to make it a sane protection of a > stale push. > Somebody can correct me if I'm wrong, but I'm pretty sure that only one person can be pushing anything at time. So, regardless of any rsync limitations, I'm not sure we really want developers to be spending 5 minutes doing a push. That means that if anybody else does a commit during that 5 minutes they're going to have to rebase it. For repos that don't get heavy use I think we could be more liberal. -- Rich