From: "Shawn O. Pearce" <spearce@spearce.org>
To: "Robin H. Johnson" <robbat2@gentoo.org>
Cc: Git Mailing List <git@vger.kernel.org>
Subject: Re: GPG signing for git commit?
Date: Thu, 16 Apr 2009 07:27:28 -0700 [thread overview]
Message-ID: <20090416142728.GG23604@spearce.org> (raw)
In-Reply-To: <20090415T220710Z@curie.orbis-terrarum.net>
"Robin H. Johnson" <robbat2@gentoo.org> wrote:
> On Wed, Apr 15, 2009 at 12:20:54PM -0700, Shawn O. Pearce wrote:
> > > Not sure of the best route to trace this data. Signing the SHA1 makes
> > > the most sense, but need to be able to do that without polluting the tag
> > > namespace.
> > Have the PM push over SSH, and don't ever expire reflogs on the
> > central repository? The reflog will have the old and new commits
> > and the user name of the PM.
>
> All pushing to the central repo will be git+ssh:// anyway.
>
> I don't follow where the PM's identity is being stored, and how that's
> distributed back out with the later pulls.
Its stored in the reflog for the branch; see "git log -g branch".
Technically the environment variable GIT_COMMITTER_NAME and
GIT_COMMITTER_EMAIL is used to populate the identity into the reflog,
but if these aren't set then its guessed from the gecos information
of the effective user.
> The other downside to relying on SSH presentation of identity directly,
> is the inability to use the SSH key to uniquely identify the user during
> the SSH auth (see designs like gitosis, where you always push to
> git+ssh://git@host/repo).
Uhm, yea. That's a fault of gitosis then. It knows the key that
was used, and has that mapped back to some token that identifies that
account in the configuration file. Why it doesn't push that into the
GIT_COMMITTER_* environment before launching git-shell, I don't know.
<plug type="shameless">
My day-job project, Gerrit Code Review[1], actually does the right
thing by recording the identity of the user in the reflog...
</plug>
[1] http://code.google.com/p/gerrit/
--
Shawn.
next prev parent reply other threads:[~2009-04-16 14:29 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-04-03 21:25 GPG signing for git commit? Chow Loong Jin
2009-04-03 22:54 ` Linus Torvalds
2009-04-06 6:05 ` Sam Vilain
2009-04-15 18:55 ` Robin H. Johnson
2009-04-15 19:20 ` Shawn O. Pearce
2009-04-15 22:29 ` Robin H. Johnson
2009-04-16 14:27 ` Shawn O. Pearce [this message]
2009-04-17 3:42 ` Sitaram Chamarty
2009-04-17 12:01 ` Jeff King
2009-04-17 18:36 ` Sitaram Chamarty
2009-04-21 20:27 ` Jeff King
2009-05-07 5:30 ` Nguyen Thai Ngoc Duy
2009-05-08 19:03 ` Robin H. Johnson
2009-05-10 22:53 ` Nguyen Thai Ngoc Duy
2009-05-11 10:39 ` Nguyen Thai Ngoc Duy
2009-04-07 17:55 ` Jakub Narebski
2009-04-07 18:04 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090416142728.GG23604@spearce.org \
--to=spearce@spearce.org \
--cc=git@vger.kernel.org \
--cc=robbat2@gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).