From: Rafael Goncalves Martins
Date: Mon, 18 Jul 2016 03:12:34 +0200
Subject: Re: [gentoo-dev] Signed push & clock drift rejection
To: Gentoo Development

On Sat, Jul 16, 2016 at 11:33 AM, Andrew Savchenko wrote:
> Hi,
>
> On Fri, 15 Jul 2016 18:03:30 +0000 Robin H. Johnson wrote:
>> Hi all,
>>
>> In tracing down problems with the git->rsync path, it has been noticed
>> that some developers have significant clock drift on their local systems
>> (up to one case of 14 days wrong), and it's potentially contributing to
>> problems in generating the rsync tree.
>>
>> I have implemented a check as part of the hook that validates Git push
>> certificates (require-signed-push). It looks for clock drift or an
>> overly long push, and aborts if needed.
>>
>> The tolerances are presently set to:
>> - 5 seconds of clock drift.
>
> Why such tight requirement? Why not a minute, which will not hurt
> git, but will help with system _temporarily_ out-of-sync.
>
> Some hardware clocks are real mess and can drift more than 5
> seconds in a few days (e.g. when system was shut down). And for NTP
> it will take time to correct system clock _properly_. While stuff
> like running ntpdate before ntp server if system is out of sync is
> possible, but it is not recommended nor possible on some workloads.
> So IRL NTP may take several hours to sync system properly.
>
> Set it for a minute or two. This will protect from commits from
> really out-of-sync systems (like 14 days mentioned above) and will
> keep usability high for others.

I second this "request" :)

remote: Your system clock is off by 6 seconds (limit 5)

Regards,
Rafael

>> - 'git push' must be completed in 60 seconds.
>
> Why?! What is wrong if push will take 120 seconds? I often commit
> from quite an old box and git push takes 20-40 seconds, while this
> is within your limits, the margin is not safe.
>
> What if someone needs to commit via 2G GPRS or similar slow network
> link? Afaik we have developers on quite slow and unstable links.
>
> Just set this limit to 5 minutes to make it a sane protection of a
> stale push.
>
> Best regards,
> Andrew Savchenko

-- 
Rafael Goncalves Martins
Gentoo Linux developer
http://rafaelmartins.eng.br/
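
The two tolerances discussed in this thread, as an added example that is not part of the original message and is not Gentoo's hook. It assumes drift is measured between the `pusher` timestamp in the push certificate and the leading timestamp of the server-issued `nonce`, and push duration between that nonce timestamp and the server clock when the hook runs; `check_push_cert` and the sample certificate are hypothetical.

```python
import re

# Constructed sample push certificate (signature block omitted, all values made up).
# In a pre-receive hook the text would come from: git cat-file blob "$GIT_PUSH_CERT"
SAMPLE_CERT = (
    "certificate version 0.1\n"
    "pusher Example Dev <dev@example.org> 1468804356 +0200\n"
    "pushee git+ssh://git.example.org/repo/example.git\n"
    "nonce 1468804350-0123456789abcdef0123456789abcdef01234567\n"
    "\n"
    + "a" * 40 + " " + "b" * 40 + " refs/heads/master\n"
)

PUSHER_RE = re.compile(r"^pusher .* (\d+) [+-]\d{4}$", re.M)
NONCE_RE = re.compile(r"^nonce (\d+)-", re.M)


def check_push_cert(cert, server_now, max_drift=5, max_push=60):
    """Return rejection messages for a push certificate; an empty list means accept.

    Assumes the signature itself was already verified by Git
    (GIT_PUSH_CERT_STATUS) before this check runs.
    """
    pusher = PUSHER_RE.search(cert)
    nonce = NONCE_RE.search(cert)
    if not pusher or not nonce:
        # Fail closed: without both timestamps neither limit can be evaluated.
        return ["push certificate lacks a pusher or nonce timestamp"]

    signed_at = int(pusher.group(1))  # client clock when the certificate was signed
    issued_at = int(nonce.group(1))   # server clock when the nonce was advertised

    errors = []
    drift = abs(signed_at - issued_at)
    if drift > max_drift:
        errors.append(
            f"Your system clock is off by {drift} seconds (limit {max_drift})"
        )
    elapsed = server_now - issued_at
    if elapsed > max_push:
        errors.append(f"push took {elapsed} seconds (limit {max_push})")
    return errors


if __name__ == "__main__":
    # Same certificate under the original limits and under the ones proposed above.
    print(check_push_cert(SAMPLE_CERT, server_now=1468804375))
    print(check_push_cert(SAMPLE_CERT, server_now=1468804375, max_drift=60, max_push=300))
```

Measured this way, the drift figure also includes whatever time the client spends between receiving the nonce and signing the certificate, so a tight drift limit penalises slow signing as well as a wrong clock.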