From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1SbYoY-00042d-2M for garchives@archives.gentoo.org; Mon, 04 Jun 2012 15:03:26 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 73572E06FD; Mon, 4 Jun 2012 15:03:12 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 73B42E05B4 for ; Mon, 4 Jun 2012 15:02:32 +0000 (UTC) Received: from mail-we0-f181.google.com (mail-we0-f181.google.com [74.125.82.181]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: djc) by smtp.gentoo.org (Postfix) with ESMTPSA id AE8861B400C for ; Mon, 4 Jun 2012 15:02:31 +0000 (UTC) Received: by werj55 with SMTP id j55so3321652wer.40 for ; Mon, 04 Jun 2012 08:02:29 -0700 (PDT) Received: by 10.216.139.19 with SMTP id b19mr11698356wej.4.1338822149246; Mon, 04 Jun 2012 08:02:29 -0700 (PDT) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Received: by 10.216.168.82 with HTTP; Mon, 4 Jun 2012 08:02:08 -0700 (PDT) In-Reply-To: References: <201206031239.21744.dilfridge@gentoo.org> <201206032135.49757.dilfridge@gentoo.org> From: Dirkjan Ochtman Date: Mon, 4 Jun 2012 17:02:08 +0200 Message-ID: Subject: Re: [gentoo-dev] Git braindump: 1 of N: merging & git signing To: gentoo-dev@lists.gentoo.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Archives-Salt: 1353678e-dfb5-4eb8-802c-961974a9882c X-Archives-Hash: 855a9de48cd3731d3e2f2020cc84fa81 On Mon, Jun 4, 2012 at 4:48 PM, Rich Freeman wrote: > When I do a cvs commit, I don't check the logs to make sure the last > 25 commits all look valid. =C2=A0So, why would I expect others to do any > differently in git. =C2=A0I make my changes, I run a git pull (bringing i= n > the hacked commit on gentoo-x86 master), and then merge/rebase in my > changes, signing my commit (which indicates that what _I_ just > commited is good, not that everything before is good). =C2=A0I am not the > one commiting in hacked files - they were there before I got there. If the tree was bad before you pushed, then it's not your fault the tree is bad. You're only responsible for the commits you bring into the tree, so if you're merging contributor's unsigned changesets, you merge them with a signature of your own. >> Of course, we'd have to make sure the tip of whatever is pushed is >> always signed, but the hook for that should be trivial. > > Yup, but the hacker wouldn't run the hook. If the hacker has unfettered access to the server where the repository lives, we probably have bigger problems, as they can get whatever rsynced to all our users. I guess we could have rsync process check that the cset it's about to push out to mirrors is signed? Cheers, Dirkjan