From: Jakub Narebski <jnareb@gmail.com>
To: Johan Herland <johan@herland.net>
Cc: Philip Oakley <philipoakley@iee.org>, git@vger.kernel.org
Subject: Re: [RFD] Rewriting safety - warn before/when rewriting published history
Date: Fri, 10 Feb 2012 20:38:54 +0100 [thread overview]
Message-ID: <201202102038.55710.jnareb@gmail.com> (raw)
In-Reply-To: <CALKQrge821x7OoSekkWw7vUjP642jhbE0D9oWPcCxuuTXOqQHA@mail.gmail.com>
On Tue, 7 Feb 2012, Johan Herland wrote:
> (we are pretty much in violent agreement, so I will only comment where
> I find it necessary)
So now comes the hard part: actually implementing (well, designing and
implementing) prototypes for 'secret' trait and 'public' trait...
> On Tue, Feb 7, 2012 at 15:31, Jakub Narebski <jnareb@gmail.com> wrote:
> > Also, when thinking about different scenarios of why one would like to
> > mark commit as 'secret', we might want to be able to mark commit as
> > secret / unpublishable with respect to _subset_ of remotes, so e.g.
> > I am prevented from accidentally publishing commits marked as 'secret'
> > to public repository, or to CI/QA repository, but I can push (perhaps
> > with warning) to group repository, together with 'secret'-ness state
> > of said commit...
> >
> > ... though it wouldn't be as much 'secret' as 'confidential' ;-)
>
> Another way to achieve this would be to have a config flag to control
> whether Git checks for the 'secret' flag before pushing. This config
> flag could be set at the system/user level (to enable/disable the
> feature as a whole), at the repo level (to enable/disable it in a
> given repo), at the remote level (to enable/disable it on a given
> repo), and finally at the branch level (to enable-disable it for a
> given branch (and its upstream)). Thus you could have a .git/config
> that looked like this:
>
> [core]
> refusePushSecret = true
>
> [remote "foo"]
> refusePushSecret = false
> url = ...
> fetch = ...
>
> [branch "baz"]
> remote = foo
> merge = refs/heads/baz
> refusePushSecret = true
>
> This config would:
>
> - refuse to push 'secret' commits from branch 'baz'
> (branch.baz.refusePushSecret == true)
>
> - but allow to push other branches with 'secret' commits to remote
> 'foo' (remote.foo.refusePushSecret == false)
>
> - but refuse to push 'secret' commits to other remotes
> (core.refusePushSecret == true)
>
> (The order of precedence would be: branch config > remote config >
> repo config > user config > system config > default when unset)
You read my mind.
> I am unsure whether the 'secret'-ness of a commit should follow across
> the push, but if you do (assuming we store the 'secret' flag using
> git-notes) this is simply a matter of synchronizing the
> refs/notes/secret to the same remote.
I think it should, so that 'secret' commit would not escape by accident
via a group secret repository.
What makes it hard (I think) is that we would prefer to transfer
'secret'-ness only for pushed commits. That might be problem for notes
based implementation of 'secret' annotation and 'secret'-ness transfer...
though I guess knowing that there exist 'secret' commit with given SHA1
which we do not have and should not have is not much breach of
confidentiality. Still...
--
Jakub Narebski
Poland
next prev parent reply other threads:[~2012-02-10 19:39 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-04 19:45 [RFD] Rewriting safety - warn before/when rewriting published history Jakub Narebski
2012-02-05 14:33 ` Ben Walton
2012-02-05 15:05 ` Jakub Narebski
[not found] ` <CAFA910035B74E56A52A96097E76AC39@PhilipOakley>
2012-02-05 16:15 ` Jakub Narebski
2012-02-05 17:29 ` Johan Herland
2012-02-05 20:46 ` Jakub Narebski
2012-02-05 22:49 ` Johan Herland
2012-02-06 14:44 ` Jakub Narebski
2012-02-06 15:59 ` Johan Herland
2012-02-06 17:14 ` Jakub Narebski
2012-02-06 20:16 ` Johan Herland
2012-02-07 14:31 ` Jakub Narebski
2012-02-07 15:09 ` Johan Herland
2012-02-10 19:38 ` Jakub Narebski [this message]
2012-02-10 20:19 ` Philip Oakley
2012-02-11 13:10 ` Johan Herland
2012-02-11 13:45 ` Jakub Narebski
2012-02-20 21:07 ` [RFC] pre-rebase: Refuse to rewrite commits that are reachable from upstream Johan Herland
2012-02-20 21:21 ` Johan Herland
2012-02-20 22:43 ` Junio C Hamano
2012-02-21 0:03 ` Johan Herland
2012-02-21 7:44 ` Junio C Hamano
2012-02-21 23:23 ` Johan Herland
2012-02-21 23:43 ` Junio C Hamano
2012-02-21 23:59 ` Dave Zarzycki
2012-02-22 7:09 ` Jeff King
2012-02-22 8:00 ` Dave Zarzycki
2012-04-07 15:01 ` [RFD] Rewriting safety - warn before/when rewriting published history Steven Michalske
2012-04-07 14:49 ` Steven Michalske
2012-02-07 17:27 ` Ronan Keryell
2012-02-06 0:57 ` Steven Michalske
2012-02-06 6:53 ` Johan Herland
2012-02-06 13:45 ` Jakub Narebski
2012-04-07 14:36 ` Steven Michalske
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201202102038.55710.jnareb@gmail.com \
--to=jnareb@gmail.com \
--cc=git@vger.kernel.org \
--cc=johan@herland.net \
--cc=philipoakley@iee.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.