b4: Feature-Request: use salted hash for change-id instead of descriptive-name when using b4 prep

All of lore.kernel.org
 help / color / mirror / Atom feed

* b4: Feature-Request: use salted hash for change-id instead of descriptive-name when using b4 prep
@ 2023-06-02  8:00 Johannes Zink
  2023-06-02 16:50 ` Konstantin Ryabitsev
  0 siblings, 1 reply; 5+ messages in thread
From: Johannes Zink @ 2023-06-02  8:00 UTC (permalink / raw)
  To: konstantin, users, tools; +Cc: kernel

Hi,

first of all: thanks for creating and maintaining b4, it makes my daily kernel 
developer's life so much easier...

Accidentally I came across a (documented [1]) behaviour of b4 prep that is a 
little dangerous for my workflow: the descriptive-name is incorperated in the 
MessageID and the changeID in plaintext.

While for most applications this is probably fine, sometimes I use branch names 
along the line of "upstream-feature-for-$super_secret_customer_project" (or 
some other stupid branch names [2] - which it at least a bit funny if you know 
german...), which poses a risk of actually leaking information I do not want to 
be leaked.

I would like to ask if there is a possibility to change this to using a salted 
hash instead (salt is probably required due to rainbow table attacks) for 
messageID and changeID. If this would break some workflows, it could possibly 
be added as an optional command line argument for b4 prep?

Maybe this is just stupid-me, but I think other people might also benefit from 
this feature.

Cheers and again: thanks for your work
Johannes

[1] https://b4.docs.kernel.org/en/latest/contributor/prep.html
[2] 
https://lore.kernel.org/lkml/20230516-lustige-usb-phy-dinge-v2-1-3383a0de34ac@pengutronix.de/T/

-- 
Pengutronix e.K.                | Johannes Zink                  |
Steuerwalder Str. 21            | https://www.pengutronix.de/    |
31137 Hildesheim, Germany       | Phone: +49-5121-206917-0       |
Amtsgericht Hildesheim, HRA 2686| Fax:   +49-5121-206917-5555    |

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: b4: Feature-Request: use salted hash for change-id instead of descriptive-name when using b4 prep
  2023-06-02  8:00 b4: Feature-Request: use salted hash for change-id instead of descriptive-name when using b4 prep Johannes Zink
@ 2023-06-02 16:50 ` Konstantin Ryabitsev
  2023-06-05  6:10   ` Johannes Zink
  0 siblings, 1 reply; 5+ messages in thread
From: Konstantin Ryabitsev @ 2023-06-02 16:50 UTC (permalink / raw)
  To: Johannes Zink; +Cc: users, tools, kernel

On Fri, Jun 02, 2023 at 10:00:11AM +0200, Johannes Zink wrote:
> Hi,
> 
> first of all: thanks for creating and maintaining b4, it makes my daily
> kernel developer's life so much easier...
> 
> Accidentally I came across a (documented [1]) behaviour of b4 prep that is a
> little dangerous for my workflow: the descriptive-name is incorperated in
> the MessageID and the changeID in plaintext.
> 
> While for most applications this is probably fine, sometimes I use branch
> names along the line of
> "upstream-feature-for-$super_secret_customer_project" (or some other stupid
> branch names [2] - which it at least a bit funny if you know german...),
> which poses a risk of actually leaking information I do not want to be
> leaked.

Hm.. this is a certainly not a workflow scenario I had considered.

> I would like to ask if there is a possibility to change this to using a
> salted hash instead (salt is probably required due to rainbow table attacks)
> for messageID and changeID. If this would break some workflows, it could
> possibly be added as an optional command line argument for b4 prep?

I will consider this request. For now, you can manually edit the cover letter
commit to change the JSON bit there that records the change-id.

E.g. right after you create a new b4-tracked branch using "b4 prep -n", you
can run "git commit --amend --allow-empty" and modify the change-id to be
whatever you like. Note, that you should only do this before you send out any
revisions.

-K

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: b4: Feature-Request: use salted hash for change-id instead of descriptive-name when using b4 prep
  2023-06-02 16:50 ` Konstantin Ryabitsev
@ 2023-06-05  6:10   ` Johannes Zink
  2023-06-05  7:26     ` Mattijs Korpershoek
  0 siblings, 1 reply; 5+ messages in thread
From: Johannes Zink @ 2023-06-05  6:10 UTC (permalink / raw)
  To: Konstantin Ryabitsev; +Cc: users, tools, kernel

Hi Konstantin,

On 6/2/23 18:50, Konstantin Ryabitsev wrote:
> On Fri, Jun 02, 2023 at 10:00:11AM +0200, Johannes Zink wrote:
>> Hi,

>>[snip]
>> I would like to ask if there is a possibility to change this to using a
>> salted hash instead (salt is probably required due to rainbow table attacks)
>> for messageID and changeID. If this would break some workflows, it could
>> possibly be added as an optional command line argument for b4 prep?
> 
> I will consider this request. For now, you can manually edit the cover letter
> commit to change the JSON bit there that records the change-id.

thanks, that will definitely help for now, though it would be great to have it 
supported natively in b4 prep.

> 
> E.g. right after you create a new b4-tracked branch using "b4 prep -n", you
> can run "git commit --amend --allow-empty" and modify the change-id to be
> whatever you like. Note, that you should only do this before you send out any
> revisions.
> 

is that equivalent to do b4 prep --edit-cover?

Johannes

> -K
> 

-- 
Pengutronix e.K.                | Johannes Zink                  |
Steuerwalder Str. 21            | https://www.pengutronix.de/    |
31137 Hildesheim, Germany       | Phone: +49-5121-206917-0       |
Amtsgericht Hildesheim, HRA 2686| Fax:   +49-5121-206917-5555    |


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: b4: Feature-Request: use salted hash for change-id instead of descriptive-name when using b4 prep
  2023-06-05  6:10   ` Johannes Zink
@ 2023-06-05  7:26     ` Mattijs Korpershoek
  2023-06-05  7:32       ` Johannes Zink
  0 siblings, 1 reply; 5+ messages in thread
From: Mattijs Korpershoek @ 2023-06-05  7:26 UTC (permalink / raw)
  To: Johannes Zink, Konstantin Ryabitsev; +Cc: users, tools, kernel

Hi Johannes,

On lun., juin 05, 2023 at 08:10, Johannes Zink <j.zink@pengutronix.de> wrote:

> Hi Konstantin,
>
> On 6/2/23 18:50, Konstantin Ryabitsev wrote:
>> On Fri, Jun 02, 2023 at 10:00:11AM +0200, Johannes Zink wrote:
>>> Hi,
>
>>>[snip]
>>> I would like to ask if there is a possibility to change this to using a
>>> salted hash instead (salt is probably required due to rainbow table attacks)
>>> for messageID and changeID. If this would break some workflows, it could
>>> possibly be added as an optional command line argument for b4 prep?
>> 
>> I will consider this request. For now, you can manually edit the cover letter
>> commit to change the JSON bit there that records the change-id.
>
> thanks, that will definitely help for now, though it would be great to have it 
> supported natively in b4 prep.
>
>> 
>> E.g. right after you create a new b4-tracked branch using "b4 prep -n", you
>> can run "git commit --amend --allow-empty" and modify the change-id to be
>> whatever you like. Note, that you should only do this before you send out any
>> revisions.
>> 
>
> is that equivalent to do b4 prep --edit-cover?

No, it is not. b4 prep --edit-cover does not show the
"--- b4-submit-tracking ---" section that Konstantin recommended you to
edit.

You can only edit that with "git commit --amend --allow-empty"


>
> Johannes
>
>> -K
>> 
>
> -- 
> Pengutronix e.K.                | Johannes Zink                  |
> Steuerwalder Str. 21            | https://www.pengutronix.de/    |
> 31137 Hildesheim, Germany       | Phone: +49-5121-206917-0       |
> Amtsgericht Hildesheim, HRA 2686| Fax:   +49-5121-206917-5555    |

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: b4: Feature-Request: use salted hash for change-id instead of descriptive-name when using b4 prep
  2023-06-05  7:26     ` Mattijs Korpershoek
@ 2023-06-05  7:32       ` Johannes Zink
  0 siblings, 0 replies; 5+ messages in thread
From: Johannes Zink @ 2023-06-05  7:32 UTC (permalink / raw)
  To: Mattijs Korpershoek, Konstantin Ryabitsev; +Cc: users, tools, kernel

Hi Mattijs,

On 6/5/23 09:26, Mattijs Korpershoek wrote:
>>
[snip]
>>>
>>
>> is that equivalent to do b4 prep --edit-cover?
> 
> No, it is not. b4 prep --edit-cover does not show the
> "--- b4-submit-tracking ---" section that Konstantin recommended you to
> edit.
> 
> You can only edit that with "git commit --amend --allow-empty"
> 

thank you for your explaination and your fast response!

Johannes

> 
>>

-- 
Pengutronix e.K.                | Johannes Zink                  |
Steuerwalder Str. 21            | https://www.pengutronix.de/    |
31137 Hildesheim, Germany       | Phone: +49-5121-206917-0       |
Amtsgericht Hildesheim, HRA 2686| Fax:   +49-5121-206917-5555    |


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2023-06-05  7:32 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-06-02  8:00 b4: Feature-Request: use salted hash for change-id instead of descriptive-name when using b4 prep Johannes Zink
2023-06-02 16:50 ` Konstantin Ryabitsev
2023-06-05  6:10   ` Johannes Zink
2023-06-05  7:26     ` Mattijs Korpershoek
2023-06-05  7:32       ` Johannes Zink

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.