From: Tom Grennan <tmgrennan@gmail.com>
To: Junio C Hamano <gitster@pobox.com>
Cc: git@vger.kernel.org, jasampler@gmail.com, tomg.grennan@ericsson.com
Subject: Re: [RFC/PATCH] verify-tag: check sig of all tags to given object
Date: Fri, 3 Feb 2012 21:08:18 -0800 [thread overview]
Message-ID: <20120204050818.GA2477@tgrennan-laptop> (raw)
In-Reply-To: <D140688E-B86C-4A67-9AD6-56160C26884D@ericsson.com>
Junio C Hamano <gitster@pobox.com<mailto:gitster@pobox.com>> writes:
>Tom Grennan <tom.grennan@ericsson.com<mailto:tom.grennan@ericsson.com>> writes:
>>
>>If the command argument is a non-tag object, scan and verify all tags to
>>the given object; for example:
>>
>>john$ git tag -s -m "I approve" john-README master:README
>>...
>>john$ git tag -s -m "I recommend" john-HEAD HEAD
>>...
>>john$ git push <url> tag john-README
>>john$ git push <url> tag john-HEAD
>>
>>jane$ git fetch --tags <url>
>>jane$ git tag -s -m "I also approve" jane-README master:README
>>...
>>jane$ git push <url> tag jane-README
>>
>>jeff$ git fetch --tags <url>
>>jeff$ git verify-tag master:README
>>tag john-README: OK
>>tag jane-README: OK
>>jeff$ git verify-tag HEAD
>>tag john-HEAD: OK
>>
>>Signed-off-by: Tom Grennan <tom.grennan@ericsson.com<mailto:tom.grennan@ericsson.com>>
>
>You did not describe what problem you are trying to solve, but the above
>tells me that the design of this feature has a lot of room to be improved
>to be useful for even a single trivial use scenario I can think of off the
>top of my head.
>
>Let's say after tagging v1.7.10, for some reason (as I do not know what
>problem you are trying to solve), I decided to ask my back-up maintainers,
>let's call them Shawn and Jeff, to sign that tag. Shawn is expected to do
>this:
>
> spearce$ git fetch tag v1.7.10
> spearce$ git tag -s -m "This tag is Gitster's" v1.7.10-spearce v1.7.10
> spearce$ git push http://example.com/spearce/git tags/v1.7.10-spearce
>
>Jeff will do the same, and I'll fetch v1.7.10-spearce and v1.7.10-peff
>tags from them.
>
>It is natural for me to be able to ask "I want to verify all tags that
>point at the object I asked to be signed, namely, v1.7.10" from this
>feature.
>
>But
>
> gitster$ git verify-tag v1.7.10
>
>would not be a way to do so, as that would check my signature in v1.7.10
>tag itself.
>
>It gets even worse. Suppose Jeff does this instead by mistake:
>
> peff$ git fetch v1.7.10
> peff$ git tag v1.7.10-peff v1.7.10
> peff$ git push http://example.com/peff/git tags/v1.7.10-peff
>
>Even if you added "git verify-tag --pointed v1.7.10" to disambiguate the
>request to use the new feature, the result is unusable, as I would see:
>
> gitster$ git verify-tag --pointed v1.7.10
> v1.7.10-spearce: OK
> v1.7.10-peff: OK
>
>v1.7.10-spearce and v1.7.10-peff both resolve to my v1.7.10, and they both
>are signed by known key, but v1.7.10-peff is a lightweight tag that points
>directly at my v1.7.10 and I would be seeing a signature of my own as "OK".
Sorry for messing up this thread. I had remote access trouble with work.
Wouldn't you want Shawn and Jeff to tag the object (commit, tree, or
blob) that you had tagged?
spearce$ git fetch tag v1.7.10
spearce$ eval $(git verify-tag -v v1.7.10 | sed -n '1s/ /=/p')
spearce$ git tag -s -m "This tag is Gitster's" v1.7.10-spearce $object
spearce$ git push http://example.com/spearce/git tags/v1.7.10-spearce
Or,
spearce$ git fetch tag v1.7.10
spearce$ git tag -s -m "This tag is Gitster's" v1.7.10-spearce --pointed v1.7.10
spearce$ git push http://example.com/spearce/git tags/v1.7.10-spearce
Then,
gitster$ git verify-tag $object
tag v1.7.10: OK
tag v1.7.10-spearce: OK
Or,
gitster$ git verify-tag --pointed v1.7.10
tag v1.7.10: OK
tag v1.7.10-spearce: OK
I hadn't thought of tagging a tag. As you indicate, this would be
tricky to disambiguate.
So, I intended this to verify all tags of the non-tag object that one
asked to be signed; no sign, no record.
BTW, it may also be convenient to use auto-generated tag names for the
secondary sign-offs, perhaps using the tag SHA as it's refs/tags/SHA.
spearce$ git tag -s -m "This is Gitster's v1.7.10" -- --pointed v1.7.10
peff$ git tag -s -m "This is Gitster's v1.7.10" -- --pointed v1.7.10
gitster$ git verify-tag --pointed v1.7.10
tag v1.7.10: OK
tag XXX....XXX: OK
tag YYY....YYY: OK
`git tag -l` could then ignore refs/tags/SHA with content SHA.
--
TomG
next prev parent reply other threads:[~2012-02-04 5:08 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-04 1:25 [RFC/PATCH] verify-tag: check sig of all tags to given object Tom Grennan
2012-02-04 3:16 ` Junio C Hamano
[not found] ` <D140688E-B86C-4A67-9AD6-56160C26884D@ericsson.com>
2012-02-04 5:08 ` Tom Grennan [this message]
2012-02-04 5:22 ` Junio C Hamano
2012-02-04 5:56 ` Tom Grennan
2012-02-04 6:20 ` Junio C Hamano
2012-02-04 6:49 ` Tom Grennan
2012-02-04 5:16 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120204050818.GA2477@tgrennan-laptop \
--to=tmgrennan@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=jasampler@gmail.com \
--cc=tomg.grennan@ericsson.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox