From: Jeff King <peff@peff.net>
To: Junio C Hamano <gitster@pobox.com>
Cc: larsxschneider@gmail.com, git@vger.kernel.org
Subject: Re: [RFC/PATCH v1] Add Travis CI support
Date: Fri, 25 Sep 2015 14:52:27 -0400 [thread overview]
Message-ID: <20150925185227.GA15190@sigill.intra.peff.net> (raw)
In-Reply-To: <xmqqa8sa4ak4.fsf@gitster.mtv.corp.google.com>
On Fri, Sep 25, 2015 at 11:29:31AM -0700, Junio C Hamano wrote:
> When I finally complain to the hosting site that it is deliberately
> rejecting the fix that would rob them the illicit revenue source, it
> does not help the hosting site to keep copies of push certificates
> when it wants to refute such a complaint. "We publish all push
> certificates and there is no record that gitster already tried to
> fix the issue" has to be taken with faith in that scenario.
Right. Your earlier examples showed non-repudiation by the original
signer (the hosting site says "you definite pushed this to us, and here
is the signature to prove it, so you cannot deny it"). But in this
example, it is going the other way: the pusher wants the hosting site to
admit to an action.
To do that, the hosting site would have to re-sign the push cert to say
"we got this, it is published", and return the receipt to the original
pusher, who can then use it as proof of the event. Or alternatively, it
could be signed by a third-party notary.
I don't think it is all that interesting an avenue to pursue, though. If
you say "I have this update and the hosting site is not providing it to
people", people are not that interested in whether the hosting site is
being laggy, malicious, or whatever. They are interested in getting your
update. :)
So the more general problem is "I want to make sure I have Junio's
latest push, and I do not want to trust anything else". For that, you
could publish expiring certs (so you can fool me for up to, say, a week,
but after that I consider the old certs to be garbage either way). Or
you could do something clever with a quorum (e.g., N of K hosting sites
say there is no update, so there probably isn't one).
But I think all of that is outside of git's scope. Git provides the
signed ref-state in the form of a push cert. Since it's a small-ish blob
of data, you can use any external mechanism you want to decide on the
correct value of it.
> > So I wonder if it would be
> > helpful to have a microformat that the client would use to look at this.
> > E.g., it would fetch the cert tree, then confirm that the current ref
> > values match the latest cert.
>
> Yeah, that is one possibility. Just a single flat file that
> concatenates all the push cert in the received order would do as an
> export format, too ;-)
I agree that's a more logical format, in a sense; it really is a linear
log. It's just that the receive-pack code already creates a blob for us,
so it's cheap to reference that in tree (and then fetching it is cheap,
too). IOW, git is much better at adding files to trees than it is at
appending to files. :)
-Peff
next prev parent reply other threads:[~2015-09-25 18:52 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-24 21:43 [RFC/PATCH v1] Add Travis CI support larsxschneider
2015-09-24 21:43 ` larsxschneider
2015-09-25 0:41 ` Junio C Hamano
2015-09-25 3:14 ` Dennis Kaarsemaker
2015-09-25 7:27 ` Johannes Schindelin
2015-09-25 8:05 ` Luke Diamand
2015-09-25 17:41 ` Junio C Hamano
2015-09-26 16:40 ` Lars Schneider
2015-09-27 12:11 ` Matthieu Moy
2015-09-28 17:21 ` Stefan Beller
2015-09-28 17:37 ` Matthieu Moy
2015-09-28 18:47 ` Junio C Hamano
2015-09-28 19:07 ` Matthieu Moy
2015-10-03 22:23 ` Roberto Tyley
2015-10-04 1:27 ` Junio C Hamano
2015-10-04 1:37 ` Junio C Hamano
2015-10-04 8:13 ` Dennis Kaarsemaker
2015-10-04 12:51 ` Johannes Schindelin
2015-10-04 7:59 ` Matthieu Moy
2015-10-04 17:46 ` Junio C Hamano
2015-10-04 18:06 ` Dennis Kaarsemaker
2015-10-05 6:54 ` Matthieu Moy
2015-10-05 16:51 ` Junio C Hamano
2015-10-12 8:03 ` Sebastian Schuberth
2015-10-04 17:59 ` Junio C Hamano
2015-10-04 3:34 ` Jeff King
2015-10-02 16:40 ` Sebastian Schuberth
2015-09-25 16:26 ` Jeff King
2015-09-25 18:29 ` Junio C Hamano
2015-09-25 18:52 ` Jeff King [this message]
2015-09-26 21:54 ` Shawn Pearce
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150925185227.GA15190@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=larsxschneider@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).