public inbox for gentoo-project@lists.gentoo.org
* [gentoo-project] ChangeLog generation - continued discussions
@ 2011-08-24  9:01 Fabian Groffen
  2011-08-24  9:20 ` Robin H. Johnson
From: Fabian Groffen @ 2011-08-24  9:01 UTC
  To: gentoo-project

Per [1], the discussion on ChangeLog generation should be continued,
since new ideas arose during the council meeting of 20110809.
In the light of [2] on gentoo-scm ML, and in particular the insight
given by robbat2 in [3], the discussion that was started at 19:23
by jmbsvicetto in [4] can now be considered.

I would like to put the remaining open questions for ChangeLog
generation on the agenda of the next Council meeting, so please discuss,
such that we can vote.

Given the earlier votes of the Council to add all commits to ChangeLogs,
I would like to put an additional issue on the table which I encountered
while implementing fully from CVS generated ChangeLogs for the Prefix
rsync tree.
Currently, the ChangeLog file is listed in the Manifest file.  Since it
is generated (from scratch) on rsync0, the ChangeLog file changes
compared to the one the developer used when performing repoman commit.
This means, the generated ChangeLog breaks the Manifest.  For this
reason, the Prefix rsync0 server replaces the digests for the ChangeLog
file in each Manifest file, and then (re)signs it, to solve 1) the
Manifest listing an incorrect digest for the ChangeLog, and 2) the GPG
signature for the Manifest to be incorrect.
A way around this would obviously be to ignore the ChangeLog file, and
not list it in Manifest.  Eventually, in my opinion it should disappear
from VCS anyway, since it's generated on the fly with the information we
like to be in there (in my current approach this is just everything like
current ChangeLogs do).


[1] http://www.gentoo.org/proj/en/council/meeting-logs/20110809-summary.txt
[2] http://archives.gentoo.org/gentoo-scm/msg_454e231a3ff7b7f847c6c5acbebd2bcf.xml
[3] http://archives.gentoo.org/gentoo-scm/msg_64bd32457fe1a55b6250420f8f3fcd01.xml
[4] http://www.gentoo.org/proj/en/council/meeting-logs/20110809.txt

-- 
Fabian Groffen
Gentoo on a different level

* Re: [gentoo-project] ChangeLog generation - continued discussions
  2011-08-24  9:01 [gentoo-project] ChangeLog generation - continued discussions Fabian Groffen
@ 2011-08-24  9:20 ` Robin H. Johnson
  2011-08-24  9:46   ` Fabian Groffen
  2011-09-07 18:38   ` Fabian Groffen
From: Robin H. Johnson @ 2011-08-24  9:20 UTC
  To: gentoo-project

On Wed, Aug 24, 2011 at 11:01:07AM +0200, Fabian Groffen wrote:
[snip]
> I would like to put an additional issue on the table which I encountered
> while implementing fully from CVS generated ChangeLogs for the Prefix
> rsync tree.
[snip]
And all of this is impacted by how we do thin manifests and commit
signing. 

Thin manifests are those that contain ONLY entries for files not covered
by another (direct or indirect) hash in the VCS. Git's use of SHA1
allows a conversion from Git+thin Manifest to classical Manifest2.

Commit signing has a few implications/side-effects:
- commits are signed so Manifests are NOT signed anymore.
- During the conversion to classical Manifest2, we need to create
  automated signatures (see the tree-signing GLEPs for MetaManifest).
- As a side advantage of the automated Manifests/signatures, we can use
  the Manifest2 changes proposed in the tree-signing GLEPs to cover ALL
  of the profiles and eclasses.

I'm going to be away Thursday till Monday, so the lack of any further
impact from me doesn't mean I don't have an opinion, rather just that
I'm away from the Internet.

-- 
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail     : robbat2@gentoo.org
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85
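Added illustration of the two mechanisms these two messages describe: the rsync0 step that replaces the digests of a regenerated ChangeLog in an otherwise intact Manifest (and why the old digests break), and the expansion of a thin Manifest (DIST entries only) into a classical Manifest2. This is example code written for this page, not code from Gentoo, Portage or either author; the digest set, the flat package directory (no files/ AUX entries) and the sample files are assumptions.

```python
import hashlib
import os
import tempfile

ALGOS = ("SHA256", "SHA512")  # assumption: digest set; Gentoo's real set has changed over time

def digest_line(ftype, name, path):
    # One Manifest2 line: TYPE name size ALGO hex ALGO hex ...
    with open(path, "rb") as f: data = f.read()
    parts = [ftype, name, str(len(data))]
    for algo in ALGOS:
        parts += [algo, hashlib.new(algo.lower(), data).hexdigest()]
    return " ".join(parts)

def expand_thin(pkgdir, thin_text):
    """Thin Manifest (DIST only; the rest is covered by VCS hashes) -> classical Manifest2."""
    lines = [ln for ln in thin_text.splitlines() if ln.startswith("DIST ")]
    for name in os.listdir(pkgdir):
        if name != "Manifest":  # the Manifest never lists itself
            ftype = "EBUILD" if name.endswith(".ebuild") else "MISC"
            lines.append(digest_line(ftype, name, os.path.join(pkgdir, name)))
    return "\n".join(sorted(lines)) + "\n"

def verify(pkgdir, manifest_text):
    """Names of non-DIST entries whose recorded size/digests no longer match the file on disk."""
    bad = []
    for line in manifest_text.splitlines():
        ftype, name = line.split()[:2]
        if ftype != "DIST" and digest_line(ftype, name, os.path.join(pkgdir, name)) != line:
            bad.append(name)  # distfiles live outside the package dir and are skipped
    return bad

def refresh_entry(pkgdir, manifest_text, name):
    """Recompute the digests of one regenerated file (the rsync0 ChangeLog step); other lines stay intact."""
    out = [digest_line(ln.split()[0], name, os.path.join(pkgdir, name))
           if ln.split()[1] == name and not ln.startswith("DIST ") else ln
           for ln in manifest_text.splitlines()]
    return "\n".join(out) + "\n"

def demo():
    """Constructed package: expand a thin Manifest, regenerate ChangeLog, show and repair the break."""
    d = tempfile.mkdtemp()
    files = {"foo-1.0.ebuild": "EAPI=4\n", "metadata.xml": "<pkgmetadata/>\n",
             "ChangeLog": "*foo-1.0 (24 Aug 2011)\n"}
    for name, body in files.items():
        with open(os.path.join(d, name), "w") as f: f.write(body)
    thin = "DIST foo-1.0.tar.gz 1234 SHA256 " + "00" * 32 + " SHA512 " + "00" * 64 + "\n"
    full = expand_thin(d, thin)
    with open(os.path.join(d, "ChangeLog"), "a") as f:  # rsync0 regenerates the ChangeLog
        f.write("  24 Aug 2011; regenerated entry\n")
    return verify(d, full), verify(d, refresh_entry(d, full, "ChangeLog")), len(full.splitlines())
```

The first value returned by demo() lists ChangeLog as the entry the regeneration broke, the second is empty after the digests are replaced, and the third is the number of lines in the expanded Manifest.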

* Re: [gentoo-project] ChangeLog generation - continued discussions
  2011-08-24  9:20 ` Robin H. Johnson
@ 2011-08-24  9:46   ` Fabian Groffen
  2011-09-07 18:38   ` Fabian Groffen
From: Fabian Groffen @ 2011-08-24  9:46 UTC
  To: gentoo-project

On 24-08-2011 09:20:00 +0000, Robin H. Johnson wrote:
> On Wed, Aug 24, 2011 at 11:01:07AM +0200, Fabian Groffen wrote:
> [snip]
> > I would like to put an additional issue on the table which I encountered
> > while implementing fully from CVS generated ChangeLogs for the Prefix
> > rsync tree.
> [snip]
> And all of this is impacted by how we do thin manifests and commit
> signing. 

Obviously.

> Thin manifests are those that contain ONLY entries for files not covered
> by another (direct or indirect) hash in the VCS. Git's use of SHA1
> allows a conversion from Git+thin Manifest to classical Manifest2.

How does this work with generating the other hashes?

> Commit signing has a few implications/side-effects:
> - commits are signed so Manifests are NOT signed anymore.

I assume this is ok, and has no effect in terms of guarantees one makes
about the content.

> - During the conversion to classical Manifest2, we need to create
>   automated signatures (see the tree-signing GLEPs for MetaManifest).
> - As a side advantage of the automated Manifests/signatures, we can use
>   the Manifest2 changes proposed in the tree-signing GLEPs to cover ALL
>   of the profiles and eclasses.
>
> I'm going to be away Thursday till Monday, so the lack of any further
> impact from me doesn't mean I don't have an opinion, rather just that
> I'm away from the Internet.

Your input is much appreciated (if not authoritative).  I hope you'll
catch up on this discussion after you return.


-- 
Fabian Groffen
Gentoo on a different level

* Re: [gentoo-project] ChangeLog generation - continued discussions
  2011-08-24  9:20 ` Robin H. Johnson
  2011-08-24  9:46   ` Fabian Groffen
@ 2011-09-07 18:38   ` Fabian Groffen
  2011-09-07 19:51     ` Robin H. Johnson
From: Fabian Groffen @ 2011-09-07 18:38 UTC
  To: gentoo-project

On 24-08-2011 09:20:00 +0000, Robin H. Johnson wrote:
> Commit signing has a few implications/side-effects:
> - commits are signed so Manifests are NOT signed anymore.

I've done some googling, and basically nothing showed up for git, apart
from hacky script solutions like [1].
What are you referring to when you mention "commit signing"?  The
commit signing and verification capabilities of CVS?


[1] http://weierophinney.net/matthew/archives/236-GPG-signing-Git-Commits.html

-- 
Fabian Groffen
Gentoo on a different level

* Re: [gentoo-project] ChangeLog generation - continued discussions
  2011-09-07 18:38   ` Fabian Groffen
@ 2011-09-07 19:51     ` Robin H. Johnson
From: Robin H. Johnson @ 2011-09-07 19:51 UTC
  To: gentoo-project

On Wed, Sep 07, 2011 at 08:38:06PM +0200, Fabian Groffen wrote:
> On 24-08-2011 09:20:00 +0000, Robin H. Johnson wrote:
> > Commit signing has a few implications/side-effects:
> > - commits are signed so Manifests are NOT signed anymore.
> What are you referring to when you mention "commit signing"?  The
> commit signing and verification capabilities of CVS?
The present discussion of signing git commits as has been on the -scm
list for more than a year now (most notably starting after last year's
GSoC Mentor summit, where we had a chance to discuss it with some of the
Git authors).

> I've done some googling, and basically nothing showed up for git, apart
> from hacky script solutions like [1].
That's along the same lines as proposed on the -scm list, but quite a
lot messier: 
- it's not clear if he's signing the correct portions of the commit.
- We're going to be storing the (detached) signatures as git notes, not
  in the commit message body.

Most recently, see my responses to alexxy on that list, describing a
pre-image attack against the git commit signing as implemented by RSBAC.
Their scripts are nice, but their actual choice of what to sign is
wrong.

-- 
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail     : robbat2@gentoo.org
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85