From: <rsbecker@nexbridge.com>
To: "'brian m. carlson'" <sandals@crustytoothpaste.net>,
"'Sean Allred'" <allred.sean@gmail.com>
Cc: <git@vger.kernel.org>, <sallred@epic.com>, <grmason@epic.com>,
<sconrad@epic.com>
Subject: RE: Dealing with corporate email recycling
Date: Sun, 13 Mar 2022 13:52:57 -0400 [thread overview]
Message-ID: <020501d83703$2f8785f0$8e9691d0$@nexbridge.com> (raw)
In-Reply-To: <Yi4oO+ifSK8OH0Mt@camp.crustytoothpaste.net>
On March 13, 2022 1:22 PM, brian m. carlson wrote:
>On 2022-03-12 at 22:38:56, Sean Allred wrote:
>> * Proposal: UUIDs
>>
>> To get what we want (i.e., the ability to run `git show HEAD~1`, know
>> that Ada wrote it, and report her current contact information), we
>> need some way of tracking identity over time. A naive solution could
>> be to extend the mailmap format as recognized by Git:
>>
>> $ git cat-file blob HEAD~1:.mailmap
>> A. U. Thor <foo@example.com> [uuid A] <ada@example.com>
>>
>> $ git cat-file blob HEAD:.mailmap
>> A. U. Thor <ada@example.com> [uuid A]
>> Roy G. Biv <foo@example.com> [uuid B] <roy@example.com>
>>
>> Now, when I run `git show HEAD~1`, Git would determine the UUID of the
>> email on the commit using the mailmap version in that tree:
>>
>> $ git -c mailmap.blob=HEAD~1:.mailmap check-mailmap --uuid
>"<foo@example.com>"
>> A
>>
>> Then, we can use that UUID to resolve to the current contact information:
>>
>> $ git check-mailmap --uuid=A
>> A. U. Thor <ada@example.com>
>>
>> Mailmap-sensitive commands can use this logic internally -- possibly
>> guarded under some new config setting.
>
>It's my intention to implement an approach where people's emails are identified
>by a key fingerprint of some sort and then converted into the proper email
>address by a mailmap that lives outside of the main history. That is, my email
>address might be
>ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad@ssh-
>sha256.ns.git-scm.com,
>and then we have a mailmap that converts between the two. If you wanted to
>have a UUID-based one, you could do 77c747a3-1599-4c8c-9569-
>f729c17632e6@uuid.ns.git-scm.com (assuming that namespace were registered).
>
>The benefit to the key part is that you can essentially prove that you are who you
>say you are. A UUID doesn't have the possibility.
>
>This was discussed briefly at some sort of contributor summit we had at some
>point, but I've been busy and haven't gotten to it yet. It is on my list of projects,
>however.
This could require a global and security hardened tokenization or signing approach. Email fingerprints from one organization would have to be able to move to another organization easily - potentially as part of the git repo's metadata. I would not use the same key as is used for signing fingerprints (mostly out of paranoia), but this is conceptually similar to the public side of a key-pair. One would have to have access to the private key in order to be a committer/author. Unfortunately, as it stands today, that may be easily spoofed (--committer, --author), so that part of the code would have to change with safeguards on what can be supplied - something I think would be welcome. Keeping with a distributed philosophy is probably essential. Just my take on it.
next prev parent reply other threads:[~2022-03-13 17:53 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-12 22:38 Dealing with corporate email recycling Sean Allred
2022-03-13 0:03 ` Junio C Hamano
2022-03-13 0:26 ` rsbecker
2022-03-13 14:01 ` Sean Allred
2022-03-13 14:20 ` rsbecker
2022-03-13 14:41 ` Sean Allred
2022-03-13 15:02 ` rsbecker
2022-03-13 15:21 ` Sean Allred
2022-03-13 19:57 ` Philip Oakley
2022-03-13 22:40 ` Sean Allred
2022-03-13 23:16 ` Junio C Hamano
2022-03-13 23:23 ` rsbecker
2022-03-14 0:19 ` Junio C Hamano
2022-03-14 11:56 ` Philip Oakley
2022-03-14 21:24 ` Junio C Hamano
2022-03-14 22:25 ` Philip Oakley
2022-03-15 1:23 ` Sean Allred
2022-03-15 11:15 ` Philip Oakley
2022-03-13 12:20 ` Philip Oakley
2022-03-13 13:35 ` Sean Allred
2022-03-14 11:59 ` Philip Oakley
2022-03-13 15:51 ` Ævar Arnfjörð Bjarmason
2022-03-13 17:22 ` brian m. carlson
2022-03-13 17:52 ` rsbecker [this message]
2022-03-13 19:47 ` rsbecker
2022-03-13 22:23 ` Sean Allred
2022-03-15 1:27 ` Sean Allred
2022-03-18 21:22 ` Peter Krefting
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='020501d83703$2f8785f0$8e9691d0$@nexbridge.com' \
--to=rsbecker@nexbridge.com \
--cc=allred.sean@gmail.com \
--cc=git@vger.kernel.org \
--cc=grmason@epic.com \
--cc=sallred@epic.com \
--cc=sandals@crustytoothpaste.net \
--cc=sconrad@epic.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).