From: Jakub Narebski <jnareb@gmail.com>
To: Johan Herland <johan@herland.net>
Cc: Philip Oakley <philipoakley@iee.org>, git@vger.kernel.org
Subject: Re: [RFD] Rewriting safety - warn before/when rewriting published history
Date: Fri, 10 Feb 2012 20:38:54 +0100 [thread overview]
Message-ID: <201202102038.55710.jnareb@gmail.com> (raw)
In-Reply-To: <CALKQrge821x7OoSekkWw7vUjP642jhbE0D9oWPcCxuuTXOqQHA@mail.gmail.com>
On Tue, 7 Feb 2012, Johan Herland wrote:
> (we are pretty much in violent agreement, so I will only comment where
> I find it necessary)
So now comes the hard part: actually implementing (well, designing and
implementing) prototypes for 'secret' trait and 'public' trait...
> On Tue, Feb 7, 2012 at 15:31, Jakub Narebski <jnareb@gmail.com> wrote:
> > Also, when thinking about different scenarios of why one would like to
> > mark commit as 'secret', we might want to be able to mark commit as
> > secret / unpublishable with respect to _subset_ of remotes, so e.g.
> > I am prevented from accidentally publishing commits marked as 'secret'
> > to public repository, or to CI/QA repository, but I can push (perhaps
> > with warning) to group repository, together with 'secret'-ness state
> > of said commit...
> >
> > ... though it wouldn't be as much 'secret' as 'confidential' ;-)
>
> Another way to achieve this would be to have a config flag to control
> whether Git checks for the 'secret' flag before pushing. This config
> flag could be set at the system/user level (to enable/disable the
> feature as a whole), at the repo level (to enable/disable it in a
> given repo), at the remote level (to enable/disable it on a given
> repo), and finally at the branch level (to enable-disable it for a
> given branch (and its upstream)). Thus you could have a .git/config
> that looked like this:
>
> [core]
> refusePushSecret = true
>
> [remote "foo"]
> refusePushSecret = false
> url = ...
> fetch = ...
>
> [branch "baz"]
> remote = foo
> merge = refs/heads/baz
> refusePushSecret = true
>
> This config would:
>
> - refuse to push 'secret' commits from branch 'baz'
> (branch.baz.refusePushSecret == true)
>
> - but allow to push other branches with 'secret' commits to remote
> 'foo' (remote.foo.refusePushSecret == false)
>
> - but refuse to push 'secret' commits to other remotes
> (core.refusePushSecret == true)
>
> (The order of precedence would be: branch config > remote config >
> repo config > user config > system config > default when unset)
You read my mind.
> I am unsure whether the 'secret'-ness of a commit should follow across
> the push, but if you do (assuming we store the 'secret' flag using
> git-notes) this is simply a matter of synchronizing the
> refs/notes/secret to the same remote.
I think it should, so that 'secret' commit would not escape by accident
via a group secret repository.
What makes it hard (I think) is that we would prefer to transfer
'secret'-ness only for pushed commits. That might be problem for notes
based implementation of 'secret' annotation and 'secret'-ness transfer...
though I guess knowing that there exist 'secret' commit with given SHA1
which we do not have and should not have is not much breach of
confidentiality. Still...
--
Jakub Narebski
Poland
next prev parent reply other threads:[~2012-02-10 19:39 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-04 19:45 [RFD] Rewriting safety - warn before/when rewriting published history Jakub Narebski
2012-02-05 14:33 ` Ben Walton
2012-02-05 15:05 ` Jakub Narebski
[not found] ` <CAFA910035B74E56A52A96097E76AC39@PhilipOakley>
2012-02-05 16:15 ` Jakub Narebski
2012-02-05 17:29 ` Johan Herland
2012-02-05 20:46 ` Jakub Narebski
2012-02-05 22:49 ` Johan Herland
2012-02-06 14:44 ` Jakub Narebski
2012-02-06 15:59 ` Johan Herland
2012-02-06 17:14 ` Jakub Narebski
2012-02-06 20:16 ` Johan Herland
2012-02-07 14:31 ` Jakub Narebski
2012-02-07 15:09 ` Johan Herland
2012-02-10 19:38 ` Jakub Narebski [this message]
2012-02-10 20:19 ` Philip Oakley
2012-02-11 13:10 ` Johan Herland
2012-02-11 13:45 ` Jakub Narebski
2012-02-20 21:07 ` [RFC] pre-rebase: Refuse to rewrite commits that are reachable from upstream Johan Herland
2012-02-20 21:21 ` Johan Herland
2012-02-20 22:43 ` Junio C Hamano
2012-02-21 0:03 ` Johan Herland
2012-02-21 7:44 ` Junio C Hamano
2012-02-21 23:23 ` Johan Herland
2012-02-21 23:43 ` Junio C Hamano
2012-02-21 23:59 ` Dave Zarzycki
2012-02-22 7:09 ` Jeff King
2012-02-22 8:00 ` Dave Zarzycki
2012-04-07 15:01 ` [RFD] Rewriting safety - warn before/when rewriting published history Steven Michalske
2012-04-07 14:49 ` Steven Michalske
2012-02-07 17:27 ` Ronan Keryell
2012-02-06 0:57 ` Steven Michalske
2012-02-06 6:53 ` Johan Herland
2012-02-06 13:45 ` Jakub Narebski
2012-04-07 14:36 ` Steven Michalske
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201202102038.55710.jnareb@gmail.com \
--to=jnareb@gmail.com \
--cc=git@vger.kernel.org \
--cc=johan@herland.net \
--cc=philipoakley@iee.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).