From: Sam Vilain <sam@vilain.net>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Chow Loong Jin <hyperair@gmail.com>, git@vger.kernel.org
Subject: Re: GPG signing for git commit?
Date: Mon, 06 Apr 2009 18:05:38 +1200 [thread overview]
Message-ID: <49D99BB2.2090906@vilain.net> (raw)
In-Reply-To: <alpine.LFD.2.00.0904031535140.3915@localhost.localdomain>
Linus Torvalds wrote:
> On Sat, 4 Apr 2009, Chow Loong Jin wrote:
>
>> It crossed my mind that currently git commits cannot actually be
>> verified to be authentic, due to the fact that I can just set my
>> identity to be someone else, and then commit under their name.
>>
>
> You can't do that.
>
> Well, you can, but it's always going to be inferior to just adding a tag.
>
> The thing is, what is it you want to protect? The tree, the authorship,
> the committer info, the commit log, what?
>
[...]
> Btw, there's a final reason, and probably the really real one. Signing
> each commit is totally stupid. It just means that you automate it, and you
> make the signature worth less. It also doesn't add any real value, since
> the way the git DAG-chain of SHA1's work, you only ever need _one_
> signature to make all the commits reachable from that one be effectively
> covered by that one. So signing each commit is simply missing the point.
>
> IOW, you don't _ever_ have a reason to sign anythign but the "tip". The
> only exception is the "go back and re-sign", but that's the one that
> requires external signatures anyway.
>
> So be happy with 'git tag -s'. It really is the right way.
>
Linus I agree with these points - I'd just like to point you to the new
mirror-sync design document. Under Documentation/git-mirror-sync.txt on
http://github.com/samv/git/tree/mirror-sync - and an implementation plan
outlined in Documentation/git-mirror-sync-impl.txt
This system allows for *pushes* to be signed and in general laying the
foundation for knowing that commits are authentic without the intrusion
into the refs/tags/* space that making lots of signed tags would imply.
The idea is to put 'packed-refs' contents (or a moral equivalent) in tag
bodies. It is really a new type of object, but it's sufficiently similar
to a tag that I thought I'd just go and go with that design for now.
Anyway if you're curious take a look, otherwise wait for the formal
submission once I've got something better together...
Sam
next prev parent reply other threads:[~2009-04-06 6:07 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-04-03 21:25 GPG signing for git commit? Chow Loong Jin
2009-04-03 22:54 ` Linus Torvalds
2009-04-06 6:05 ` Sam Vilain [this message]
2009-04-15 18:55 ` Robin H. Johnson
2009-04-15 19:20 ` Shawn O. Pearce
2009-04-15 22:29 ` Robin H. Johnson
2009-04-16 14:27 ` Shawn O. Pearce
2009-04-17 3:42 ` Sitaram Chamarty
2009-04-17 12:01 ` Jeff King
2009-04-17 18:36 ` Sitaram Chamarty
2009-04-21 20:27 ` Jeff King
2009-05-07 5:30 ` Nguyen Thai Ngoc Duy
2009-05-08 19:03 ` Robin H. Johnson
2009-05-10 22:53 ` Nguyen Thai Ngoc Duy
2009-05-11 10:39 ` Nguyen Thai Ngoc Duy
2009-04-07 17:55 ` Jakub Narebski
2009-04-07 18:04 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49D99BB2.2090906@vilain.net \
--to=sam@vilain.net \
--cc=git@vger.kernel.org \
--cc=hyperair@gmail.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.