Re: [PATCH] merge/pull: verify GPG signatures of commits being merged

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Junio C Hamano <gitster@pobox.com>
To: Jonathan Nieder <jrnieder@gmail.com>
Cc: "Sebastian Götte" <jaseg@physik.tu-berlin.de>, git@vger.kernel.org
Subject: Re: [PATCH] merge/pull: verify GPG signatures of commits being merged
Date: Fri, 22 Mar 2013 20:08:53 -0700	[thread overview]
Message-ID: <7vvc8i4xtm.fsf@alter.siamese.dyndns.org> (raw)
In-Reply-To: <20130322231430.GK12223@google.com> (Jonathan Nieder's message of "Fri, 22 Mar 2013 16:14:30 -0700")

Jonathan Nieder <jrnieder@gmail.com> writes:

>> git merge/pull:
>> When --verify-signatures is specified on the command-line of git-merge
>> or git-pull, check whether the commits being merged have good gpg
>> signatures and abort the merge in case they do not. This allows e.g.
>> auto-deployment from untrusted repo hosts.
>
> This leaves me pretty nervous.  Is there an argument to pass in to
> specify a keyring with public keys to trust?  Without that, it is
> presumably using ~/.gnupg/trustdb.gpg, which is about trust of
> identity rather than trust to provide code to run on my machine. :(

I think people who create a real merge via "git pull" and use that
as "auto-deployment" mechanism is insane, but presumably that "auto"
tells us some other things, like it will be done by non-human account,
its $HOME/.gnupg would contain only the keyring that is for the auto
deployer, or the cronscript that runs "git pull" can set GNUPGHOME
and export it before doing so.

So, I wouldn't be worried about it too much.

     prev parent reply	other threads:[~2013-03-23  3:09 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-03-22 21:51 [PATCH] merge/pull: verify GPG signatures of commits being merged Sebastian Götte
2013-03-22 23:02 ` Junio C Hamano
2013-03-22 23:14 ` Jonathan Nieder
2013-03-23  3:08   ` Junio C Hamano [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=7vvc8i4xtm.fsf@alter.siamese.dyndns.org \
    --to=gitster@pobox.com \
    --cc=git@vger.kernel.org \
    --cc=jaseg@physik.tu-berlin.de \
    --cc=jrnieder@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.