From: Theodore Ts'o <tytso@mit.edu>
To: Junio C Hamano <gitster@pobox.com>
Cc: Nico Williams <nico@cryptonector.com>,
	Jonathan Nieder <jrnieder@gmail.com>,
	git discussion list <git@vger.kernel.org>,
	Ronnie Sahlberg <sahlberg@google.com>
Subject: Re: Use case (was Re: Should branches be objects?)
Date: Wed, 25 Jun 2014 18:44:40 -0400
Message-ID: <20140625224440.GD10397@thunk.org>
In-Reply-To: <xmqqegycans6.fsf@gitster.dls.corp.google.com>

On Wed, Jun 25, 2014 at 10:42:49AM -0700, Junio C Hamano wrote:
> Nico Williams <nico@cryptonector.com> writes:
> 
> > On Tue, Jun 24, 2014 at 6:09 AM, Theodore Ts'o <tytso@mit.edu> wrote:
> > ...
> >> This seems pretty close to what we have with signed tags.  When I send
> >> a pull request to Linus, I create a signed tag which contains a
> >> message about a set of commits, and this message is automatically
> >> included in the pull request message generated with "git
> >> request-pull", and when Linus merges my pull request, the
> >> cryptographically signed tag, along with the message, date of the
> >> signature, etc., is preserved for all posterity.
> >
> > Thanks for pointing this out.  Signed tags are objects -- that's a
> > clear and strong precedent.
> 
> Sounds as if you are interpreting what Ted said as a supporting
> argument for having branches as separate type of objects, but the
> way I read it was "signed tags are sufficient for what you want to
> do; adding a new "branch" type does not make much sense at this
> point".

Yes, that's what I was saying.  If you want to record a reliable "who
pushed this" (or "who requested this to be pulled"), you really want
to use a GPG signature, since otherwise the identity of the pusher can
be completely faked --- especially if you have a tiered system
where you have sub-maintainers in the mix.  So if you want any kind of
auditability long after the fact, you want digital signatures, and so
a signed tag maps exactly to what you want --- modulo needing a
standardized "Linus Torvalds" bot.  But the nice thing about creating
such an automated pull request processing system is that it doesn't
require making any changes to core git.

If you insist that it has to be done via a "git push", I suspect it
wouldn't be that hard to add changes to Gerrit (which already has an
concept of access control which ssh keys are allowed to push a
change), and extend it to include a hook that validates whether the
push included a signed tag.  Again, no core changes needed to git, or
to the repository format.

					- Ted
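The server-side hook Ted sketches above, written out as an added example (not code from this thread or from Gerrit): an `update` hook that refuses a tag push unless the tag object carries a GPG signature that verifies against a key in the hook user's keyring. The hook path, ref names, and the sample objects are assumptions.

```shell
#!/bin/sh
# Added example: an "update" hook that only admits signed, verifying tags.
# Assumes git and gpg on the server and the maintainers' public keys
# already imported into the hook user's keyring.

# Classify a raw tag object as printed by `git cat-file -p`.
# $1: object text. Prints one of: signed, unsigned, not-a-tag.
classify_tag_object() {
    # Annotated tags start with an "object <id>" header (40 hex for SHA-1,
    # 64 for SHA-256 repositories); a lightweight tag resolves to a commit.
    printf '%s\n' "$1" | head -n 1 | grep -q '^object [0-9a-f]\{40,64\}$' ||
        { echo not-a-tag; return 1; }
    # A signed tag embeds the armored signature after the message body.
    printf '%s\n' "$1" | grep -q '^-----BEGIN PGP SIGNATURE-----$' ||
        { echo unsigned; return 1; }
    echo signed
}

# Hook logic: git calls hooks/update with <refname> <oldrev> <newrev>.
update_hook() {
    refname=$1; newrev=$3
    case $refname in refs/tags/*) ;; *) return 0 ;; esac  # only police tags
    obj=$(git cat-file -p "$newrev") || return 1
    status=$(classify_tag_object "$obj") || {
        echo "rejecting $refname: $status tag; push a signed tag" >&2; return 1; }
    # Presence of a signature block is not enough: it must verify.
    git verify-tag "$newrev" >/dev/null 2>&1 ||
        { echo "rejecting $refname: signature does not verify" >&2; return 1; }
}

# Constructed sample objects for a local self-check (not real signatures).
SIGNED_TAG='object 0123456789abcdef0123456789abcdef01234567
type commit
tag for-linus-20140625
tagger Example Maintainer <maint@example.org> 1403736000 -0400

Please pull three bug fixes for the next merge window.
-----BEGIN PGP SIGNATURE-----
CONSTRUCTEDPLACEHOLDERSIGNATUREDATA=
-----END PGP SIGNATURE-----'
UNSIGNED_TAG=$(printf '%s\n' "$SIGNED_TAG" | sed '/^-----BEGIN PGP SIGNATURE/,$d')
COMMIT_OBJECT='tree 89abcdef0123456789abcdef0123456789abcdef
author Example Maintainer <maint@example.org> 1403736000 -0400

Fix a bug'

if [ "$#" -eq 3 ]; then update_hook "$@"; fi
```

Installed as `hooks/update` in the receiving repository, the script leaves branch pushes alone and turns a tag push into a cryptographically auditable event, which is the property Ted's signed-tag workflow gives a pull request.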
