From: <rsbecker@nexbridge.com>
To: "'brian m. carlson'" <sandals@crustytoothpaste.net>,
"'Sean Allred'" <allred.sean@gmail.com>
Cc: <git@vger.kernel.org>, <sallred@epic.com>, <grmason@epic.com>,
<sconrad@epic.com>
Subject: RE: Dealing with corporate email recycling
Date: Sun, 13 Mar 2022 13:52:57 -0400 [thread overview]
Message-ID: <020501d83703$2f8785f0$8e9691d0$@nexbridge.com> (raw)
In-Reply-To: <Yi4oO+ifSK8OH0Mt@camp.crustytoothpaste.net>
On March 13, 2022 1:22 PM, brian m. carlson wrote:
>On 2022-03-12 at 22:38:56, Sean Allred wrote:
>> * Proposal: UUIDs
>>
>> To get what we want (i.e., the ability to run `git show HEAD~1`, know
>> that Ada wrote it, and report her current contact information), we
>> need some way of tracking identity over time. A naive solution could
>> be to extend the mailmap format as recognized by Git:
>>
>> $ git cat-file blob HEAD~1:.mailmap
>> A. U. Thor <foo@example.com> [uuid A] <ada@example.com>
>>
>> $ git cat-file blob HEAD:.mailmap
>> A. U. Thor <ada@example.com> [uuid A]
>> Roy G. Biv <foo@example.com> [uuid B] <roy@example.com>
>>
>> Now, when I run `git show HEAD~1`, Git would determine the UUID of the
>> email on the commit using the mailmap version in that tree:
>>
>> $ git -c mailmap.blob=HEAD~1:.mailmap check-mailmap --uuid
>"<foo@example.com>"
>> A
>>
>> Then, we can use that UUID to resolve to the current contact information:
>>
>> $ git check-mailmap --uuid=A
>> A. U. Thor <ada@example.com>
>>
>> Mailmap-sensitive commands can use this logic internally -- possibly
>> guarded under some new config setting.
>
>It's my intention to implement an approach where people's emails are identified
>by a key fingerprint of some sort and then converted into the proper email
>address by a mailmap that lives outside of the main history. That is, my email
>address might be
>ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad@ssh-
>sha256.ns.git-scm.com,
>and then we have a mailmap that converts between the two. If you wanted to
>have a UUID-based one, you could do 77c747a3-1599-4c8c-9569-
>f729c17632e6@uuid.ns.git-scm.com (assuming that namespace were registered).
>
>The benefit to the key part is that you can essentially prove that you are who you
>say you are. A UUID doesn't have the possibility.
>
>This was discussed briefly at some sort of contributor summit we had at some
>point, but I've been busy and haven't gotten to it yet. It is on my list of projects,
>however.
This could require a global and security hardened tokenization or signing approach. Email fingerprints from one organization would have to be able to move to another organization easily - potentially as part of the git repo's metadata. I would not use the same key as is used for signing fingerprints (mostly out of paranoia), but this is conceptually similar to the public side of a key-pair. One would have to have access to the private key in order to be a committer/author. Unfortunately, as it stands today, that may be easily spoofed (--committer, --author), so that part of the code would have to change with safeguards on what can be supplied - something I think would be welcome. Keeping with a distributed philosophy is probably essential. Just my take on it.
next prev parent reply other threads:[~2022-03-13 17:53 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-12 22:38 Dealing with corporate email recycling Sean Allred
2022-03-13 0:03 ` Junio C Hamano
2022-03-13 0:26 ` rsbecker
2022-03-13 14:01 ` Sean Allred
2022-03-13 14:20 ` rsbecker
2022-03-13 14:41 ` Sean Allred
2022-03-13 15:02 ` rsbecker
2022-03-13 15:21 ` Sean Allred
2022-03-13 19:57 ` Philip Oakley
2022-03-13 22:40 ` Sean Allred
2022-03-13 23:16 ` Junio C Hamano
2022-03-13 23:23 ` rsbecker
2022-03-14 0:19 ` Junio C Hamano
2022-03-14 11:56 ` Philip Oakley
2022-03-14 21:24 ` Junio C Hamano
2022-03-14 22:25 ` Philip Oakley
2022-03-15 1:23 ` Sean Allred
2022-03-15 11:15 ` Philip Oakley
2022-03-13 12:20 ` Philip Oakley
2022-03-13 13:35 ` Sean Allred
2022-03-14 11:59 ` Philip Oakley
2022-03-13 15:51 ` Ævar Arnfjörð Bjarmason
2022-03-13 17:22 ` brian m. carlson
2022-03-13 17:52 ` rsbecker [this message]
2022-03-13 19:47 ` rsbecker
2022-03-13 22:23 ` Sean Allred
2022-03-15 1:27 ` Sean Allred
2022-03-18 21:22 ` Peter Krefting
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='020501d83703$2f8785f0$8e9691d0$@nexbridge.com' \
--to=rsbecker@nexbridge.com \
--cc=allred.sean@gmail.com \
--cc=git@vger.kernel.org \
--cc=grmason@epic.com \
--cc=sallred@epic.com \
--cc=sandals@crustytoothpaste.net \
--cc=sconrad@epic.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.