From: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
To: Dimitri Sabadie <hadronized@strongly-typed-thoughts.net>
Cc: "brian m. carlson" <sandals@crustytoothpaste.net>, git@vger.kernel.org
Subject: Re: Author signature
Date: Tue, 4 Jun 2024 09:12:19 -0400 [thread overview]
Message-ID: <20240604-omniscient-skinny-dormouse-bfae0a@lemur> (raw)
In-Reply-To: <D1R8VB91BRR6.3M3651RXOQM5Q@strongly-typed-thoughts.net>
On Tue, Jun 04, 2024 at 02:50:49PM GMT, Dimitri Sabadie wrote:
> On the other side, I just had another idea. What would be best to me
> is to actually provide a _proof_ that at least the author acknowledges
> the patch — whether he wrote it or not is another story and I don’t
> think we can enforce that completely. The goal I want to achieve is that
> if I send a patch via email, if the patch ends up committed by someone
> else, I still want to be able to have a proof that “I wrote the patch.”
On the kernel side of things, we're using patatt for this purpose:
https://github.com/mricon/patatt
> So assuming the committer is not of bad faith and doesn’t truncate my
> git commit message… why not simply adding a “sign-off” like line at the
> end of the commit, but instead of just putting a clear text that anyone
> could tamper with, we would sign the date at which the commit was made?
>
> For instance, I could have a git message like:
>
> Fix typo.
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Tue Jun 4 02:49:26 PM CEST 2024
> -----BEGIN PGP SIGNATURE-----
>
> iHUEARYKAB0WIQRsmRqgbXp8KFc3mc6pQ4aopiUuywUCZl8NVgAKCRCpQ4aopiUu
> yyhWAQCScfP28Py0QbHuqzzOFyjAMwdK0LfwiGfYrfzfv0evlAD9Hd+x8NgvPq2p
> nnnG5tQaHeIS/v8PMP0suy3QiWV8WQc=
> =Ru+m
> -----END PGP SIGNATURE-----
>
> If a create another commit later with "Fix typo." as content, then the
> date will be different and the signature won’t be the same.
>
> What do you think?
No, this is not a good solution, if only because the date of the commit can be
freely edited to match whatever is in the signature, and then it can be reused
for any commit at all.
-K
prev parent reply other threads:[~2024-06-04 13:12 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-14 18:31 Author signature Dimitri Sabadie
2024-05-14 19:51 ` brian m. carlson
2024-05-14 20:03 ` Konstantin Ryabitsev
2024-05-14 20:05 ` Konstantin Ryabitsev
2024-06-04 12:50 ` Dimitri Sabadie
2024-06-04 13:12 ` Konstantin Ryabitsev [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240604-omniscient-skinny-dormouse-bfae0a@lemur \
--to=konstantin@linuxfoundation.org \
--cc=git@vger.kernel.org \
--cc=hadronized@strongly-typed-thoughts.net \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox