From: Theodore Tso <tytso@MIT.EDU>
To: "Stephen R. van den Berg" <srb@cuci.nl>
Cc: Nicolas Pitre <nico@cam.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Jakub Narebski <jnareb@gmail.com>,
git@vger.kernel.org
Subject: Re: [RFC] origin link for cherry-pick and revert
Date: Thu, 11 Sep 2008 17:01:18 -0400 [thread overview]
Message-ID: <20080911210118.GO5082@mit.edu> (raw)
In-Reply-To: <20080911195516.GE1451@cuci.nl>
On Thu, Sep 11, 2008 at 09:55:16PM +0200, Stephen R. van den Berg wrote:
> > Having it versionned also
> >means that older git versions will be able to carry that information
> >even if they won't make any use of it, and that also solves the
> >cryptographic issue since that data is part of the top commit SHA1.
>
> It would allow the data to be faked, that is undesirable for "git blame".
Why would this matter? The information is largely
self-authenticating. If a commit claims to have come from some other
cherry-pick, a human taking a quick look at it would know instantly
that this wasn't true. So what's the harm done if some incorrect
information gets introduced? "git blame" is something which is
generally used by humans, not by automated programs.
Also, what's the attack scenario? The person who originally makes the
commit can easily fake the origin link information. They can hack git
to fill on some other commit ID, for example. So what you are
protecting against is someone after the fact adding the annotation
that this commit was related to this other commit. When would this be
a bad thing to do? If they are adding correct information, it's a
good thing. If they add incorrect information, what's the harm they
can as a result of being able to add the incorrect information.
(Noting that if this annotation file is kept under git control, you
can use what ever access controls and/or process controls that verify
that a new cherry-pick --- or a commit claiming to be a cherry-pick
--- is valid and should be accepted into the master git repository for
that project.
- Ted
next prev parent reply other threads:[~2008-09-11 21:02 UTC|newest]
Thread overview: 137+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-09-09 13:22 [RFC] origin link for cherry-pick and revert Stephen R. van den Berg
2008-09-09 13:38 ` Paolo Bonzini
2008-09-09 14:04 ` Stephen R. van den Berg
2008-09-09 13:48 ` Stephen R. van den Berg
2008-09-09 15:44 ` Jakub Narebski
2008-09-09 16:38 ` Steven Grimm
2008-09-09 19:43 ` Stephen R. van den Berg
2008-09-09 19:59 ` Jeff King
2008-09-09 20:25 ` Stephen R. van den Berg
2008-09-09 20:42 ` Junio C Hamano
2008-09-09 20:47 ` Shawn O. Pearce
2008-09-09 20:50 ` Jeff King
2008-09-09 22:35 ` Jakub Narebski
2008-09-09 23:07 ` Jakub Narebski
2008-09-10 8:10 ` Paolo Bonzini
2008-09-10 0:13 ` Stephen R. van den Berg
2008-09-10 1:59 ` Junio C Hamano
2008-09-10 5:38 ` Stephen R. van den Berg
2008-09-09 21:05 ` Junio C Hamano
2008-09-09 21:09 ` Jeff King
2008-09-09 23:36 ` Stephen R. van den Berg
2008-09-09 20:54 ` Jakub Narebski
2008-09-09 23:08 ` Stephen R. van den Berg
2008-09-09 23:35 ` Linus Torvalds
2008-09-09 23:58 ` Stephen R. van den Berg
2008-09-10 0:23 ` Linus Torvalds
2008-09-10 5:42 ` Stephen R. van den Berg
2008-09-10 15:30 ` Linus Torvalds
2008-09-10 23:09 ` Stephen R. van den Berg
2008-09-11 0:39 ` Linus Torvalds
2008-09-11 6:22 ` Stephen R. van den Berg
2008-09-11 8:20 ` Jakub Narebski
2008-09-11 12:31 ` Stephen R. van den Berg
2008-09-11 13:51 ` Theodore Tso
2008-09-11 15:32 ` Stephen R. van den Berg
2008-09-11 18:00 ` Theodore Tso
2008-09-11 19:03 ` Stephen R. van den Berg
2008-09-11 19:33 ` Nicolas Pitre
2008-09-11 19:44 ` Stephen R. van den Berg
2008-09-11 20:03 ` Nicolas Pitre
2008-09-11 20:24 ` Stephen R. van den Berg
2008-09-11 20:05 ` Jakub Narebski
2008-09-11 20:22 ` Stephen R. van den Berg
2008-09-12 0:30 ` A Large Angry SCM
2008-09-12 5:39 ` Stephen R. van den Berg
2008-09-11 20:04 ` Theodore Tso
2008-09-11 21:46 ` Jeff King
2008-09-11 22:56 ` Stephen R. van den Berg
2008-09-11 23:01 ` Jeff King
2008-09-11 23:17 ` Stephen R. van den Berg
2008-09-11 23:10 ` Linus Torvalds
2008-09-11 23:26 ` Jeff King
2008-09-11 23:36 ` Stephen R. van den Berg
2008-09-11 15:02 ` Nicolas Pitre
2008-09-11 16:00 ` Stephen R. van den Berg
2008-09-11 17:02 ` Nicolas Pitre
2008-09-11 18:44 ` Stephen R. van den Berg
2008-09-11 20:00 ` Nicolas Pitre
2008-09-11 21:05 ` Junio C Hamano
2008-09-11 22:32 ` Stephen R. van den Berg
2008-09-11 22:40 ` Stephen R. van den Berg
2008-09-11 12:28 ` A Large Angry SCM
2008-09-11 12:39 ` Stephen R. van den Berg
2008-09-12 0:03 ` A Large Angry SCM
2008-09-12 0:13 ` Stephen R. van den Berg
2008-09-11 15:39 ` Linus Torvalds
2008-09-11 16:01 ` Paolo Bonzini
2008-09-11 16:23 ` Linus Torvalds
2008-09-11 20:16 ` Stephen R. van den Berg
2008-09-11 16:53 ` Jakub Narebski
2008-09-11 19:23 ` Stephen R. van den Berg
2008-09-11 19:45 ` Nicolas Pitre
2008-09-11 19:55 ` Stephen R. van den Berg
2008-09-11 20:27 ` Nicolas Pitre
2008-09-12 8:50 ` Stephen R. van den Berg
2008-09-11 21:01 ` Theodore Tso [this message]
2008-09-12 8:40 ` Stephen R. van den Berg
2008-09-10 8:30 ` Paolo Bonzini
2008-09-10 15:32 ` Linus Torvalds
2008-09-10 15:37 ` Paolo Bonzini
2008-09-10 15:43 ` Linus Torvalds
2008-09-10 15:46 ` Linus Torvalds
2008-09-10 15:57 ` Paolo Bonzini
2008-09-10 23:15 ` Stephen R. van den Berg
2008-09-10 16:23 ` Jakub Narebski
2008-09-11 23:28 ` Sam Vilain
2008-09-11 23:44 ` Linus Torvalds
2008-09-12 2:24 ` Sam Vilain
2008-09-12 5:47 ` Stephen R. van den Berg
2008-09-12 6:19 ` Rogan Dawes
2008-09-12 6:56 ` Stephen R. van den Berg
2008-09-12 14:58 ` Theodore Tso
2008-09-12 15:05 ` Paolo Bonzini
2008-09-12 15:11 ` Jakub Narebski
2008-09-12 15:40 ` Paolo Bonzini
2008-09-12 16:00 ` Theodore Tso
2008-09-12 15:54 ` Stephen R. van den Berg
2008-09-12 16:19 ` Jeff King
2008-09-12 16:43 ` Stephen R. van den Berg
2008-09-12 18:44 ` Theodore Tso
2008-09-12 20:56 ` Stephen R. van den Berg
2008-09-15 12:21 ` Sam Vilain
2008-09-09 23:59 ` Jakub Narebski
2008-09-09 21:13 ` Petr Baudis
2008-09-09 22:56 ` Stephen R. van den Berg
2008-09-09 23:05 ` Petr Baudis
2008-09-09 23:32 ` Stephen R. van den Berg
2008-09-10 9:35 ` [RFC] origin link for cherry-pick and revert, and more about porcelain-level metadata Paolo Bonzini
2008-09-10 10:44 ` Petr Baudis
2008-09-10 11:49 ` Stephen R. van den Berg
2008-09-10 12:30 ` Petr Baudis
2008-09-10 13:14 ` Stephen R. van den Berg
2008-09-10 14:33 ` Dmitry Potapov
2008-09-10 15:15 ` Stephen R. van den Berg
2008-09-10 15:24 ` Paolo Bonzini
2008-09-10 12:21 ` [RFC] origin link for cherry-pick and revert Theodore Tso
2008-09-10 14:16 ` Stephen R. van den Berg
2008-09-10 15:10 ` Jeff King
2008-09-10 21:50 ` Stephen R. van den Berg
2008-09-10 21:54 ` Jeff King
2008-09-10 22:34 ` Stephen R. van den Berg
2008-09-10 22:55 ` Jeff King
2008-09-10 23:19 ` Stephen R. van den Berg
2008-09-11 5:16 ` Paolo Bonzini
2008-09-11 7:55 ` Stephen R. van den Berg
2008-09-11 8:45 ` Paolo Bonzini
2008-09-11 12:33 ` A Large Angry SCM
2008-09-11 2:46 ` Nicolas Pitre
2008-09-10 16:18 ` Theodore Tso
2008-09-10 16:40 ` Petr Baudis
2008-09-10 17:58 ` Paolo Bonzini
2008-09-10 22:44 ` Stephen R. van den Berg
2008-09-10 8:45 ` Paolo Bonzini
2008-09-23 13:51 ` Recording "partial merges" (was: Re: [RFC] origin link for cherry-pick and revert) Peter Krefting
2008-09-10 20:32 ` [RFC] origin link for cherry-pick and revert Miklos Vajna
2008-09-10 20:55 ` Nicolas Pitre
2008-09-10 21:06 ` Miklos Vajna
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080911210118.GO5082@mit.edu \
--to=tytso@mit.edu \
--cc=git@vger.kernel.org \
--cc=jnareb@gmail.com \
--cc=nico@cam.org \
--cc=srb@cuci.nl \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).