From: "David A. Wheeler" <dwheeler@dwheeler.com>
To: Paul Jakma <paul@clubi.ie>
Cc: Linus Torvalds <torvalds@osdl.org>, Sean <seanlkml@sympatico.ca>,
Thomas Glanzmann <sithglan@stud.uni-erlangen.de>,
David Woodhouse <dwmw2@infradead.org>,
Jan Dittmer <jdittmer@ppp0.net>, Greg KH <greg@kroah.com>,
Kernel Mailing List <linux-kernel@vger.kernel.org>,
Git Mailing List <git@vger.kernel.org>
Subject: Re: Git-commits mailing list feed.
Date: Sun, 24 Apr 2005 21:01:28 -0400 [thread overview]
Message-ID: <426C4168.6030008@dwheeler.com> (raw)
In-Reply-To: <Pine.LNX.4.62.0504250008370.14200@sheen.jakma.org>
On Sat, 23 Apr 2005, Linus Torvalds wrote:
>> That means that we don't "strip them off", because dammit, they DO NOT
>> EXIST as far as git is concerned. This is why a tag-file will _always_
>> start with
>>
>> commit <commit-sha1>
>> tag <tag-name>
>>
>> because that way we can use fsck and validate reachability and have
>> things that want trees (or commits) take tag-files instead, and git
>> will automatically look up the associated tree/commit. And it will do
>> so _without_ having to understand about signing, since signing is for
>> trust between _people_ not for git.
>
>> And that is why I from the very beginning tried to make ti very clear
>> that the signature goes at the end. Not at the beginning, not in the
>> middle, and not in a different file. IT GOES AT THE END.
It may be better to have them as simple detached signatures, which are
completely separate files (see gpg --detached).
Yeah, gpg currently implements detached signatures
by repeating what gets signed, which is unfortunate,
but the _idea_ is the right one.
Paul Jakma wrote:
> Ideally, there'd be an index of signature objects by the SHA-1 sum of
> the object they sign, as the signed object should not refer to the
> signature (or the second of the above is not possible).
Yes, and see my earlier posting. It'd be easy to store signatures in
the current objects directory, of course. The trick is to be able
to go from signed-object to the signature; this could be done
just by creating a subdirectory using a variant of
the name of the signed-object's file, and in that directory store the
hash values of the signatures. E.G.:
00/
3b128932189018329839019 <- object to sign
3b128932189018329839019.d/
0143709289032890234323451
01/
43709289032890234323451 <- signature
> The latter of the two points would, in combination with the former,
> allow for cryptographic 'signed-off-by' chains. If a 'commit' is signed
> by $RANDOM_CONTRIBUTOR and $SUBSYSTEM_MAINTAINER and $ANDREW, you know
> its time to pull it. Would also work for things like "fixes only" trees,
> where (say) a change must be approved by X/2+1 of a group of X hacker
> providing oversight -> looking up the commit object's signatures would
> tell you whether it was approved.
Right. Lots of tricks you can do once the signatures are there,
such as checking to counter repository subversion
(did everything get signed), finding out who introduced a malicious
line of code (& "proving" what key signed it first), etc.
There are LOTS of reasons for storing signatures so that they can
be checked later on, just like there are lots of reasons for storing
old code... they give you evidence that the reputed history is true
(and if you doubt it, they give you a way to limit the doubt).
--- David A. Wheeler
next prev parent reply other threads:[~2005-04-25 0:54 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <200504210422.j3L4Mo8L021495@hera.kernel.org>
[not found] ` <1114079347.6277.29.camel@laptopd505.fenrus.org>
2005-04-21 12:23 ` Git-commits mailing list feed David Woodhouse
[not found] ` <42674724.90005@ppp0.net>
[not found] ` <20050422002922.GB6829@kroah.com>
[not found] ` <426A4669.7080500@ppp0.net>
[not found] ` <1114266083.3419.40.camel@localhost.localdomain>
[not found] ` <426A5BFC.1020507@ppp0.net>
[not found] ` <1114266907.3419.43.camel@localhost.localdomain>
2005-04-23 17:31 ` Linus Torvalds
2005-04-23 17:45 ` Linus Torvalds
2005-04-23 17:50 ` Fabian Franz
2005-04-23 23:16 ` Andreas Gal
2005-04-23 17:50 ` Sean
2005-04-23 19:02 ` Thomas Glanzmann
2005-04-23 18:14 ` Sean
2005-04-23 19:34 ` Linus Torvalds
2005-04-23 17:54 ` Thomas Glanzmann
2005-04-23 18:30 ` Linus Torvalds
2005-04-23 18:06 ` Sean
2005-04-23 19:38 ` Linus Torvalds
2005-04-23 18:44 ` Sean
2005-04-23 19:58 ` Linus Torvalds
2005-04-23 19:57 ` Junio C Hamano
2005-04-23 20:23 ` Linus Torvalds
2005-04-23 20:24 ` Junio C Hamano
2005-04-24 23:25 ` Paul Jakma
2005-04-24 23:57 ` Paul Jakma
2005-04-25 1:01 ` David A. Wheeler [this message]
2005-04-25 1:35 ` Paul Jakma
2005-04-25 2:13 ` David A. Wheeler
2005-04-25 3:03 ` Paul Jakma
2005-04-25 3:08 ` Paul Jakma
2005-04-25 1:50 ` Linus Torvalds
2005-04-25 2:17 ` Fabian Franz
2005-04-25 2:39 ` Andreas Gal
2005-04-25 2:44 ` Linus Torvalds
2005-04-25 3:32 ` David A. Wheeler
2005-04-25 9:31 ` David Greaves
2005-04-25 3:08 ` David A. Wheeler
2005-04-25 3:24 ` Paul Jakma
2005-04-25 3:40 ` Paul Jakma
2005-04-25 3:47 ` Paul Jakma
2005-04-25 4:39 ` [PATCH] New option (-H) for rpush/rpull to update HEAD Andreas Gal
2005-04-25 4:47 ` Daniel Barkalow
2005-04-25 4:55 ` Andreas Gal
2005-04-25 5:18 ` Daniel Barkalow
2005-04-25 2:34 ` Git-commits mailing list feed Matt Domsch
2005-04-25 2:43 ` Jan Harkes
2005-04-23 18:39 ` Thomas Glanzmann
2005-04-23 18:44 ` Thomas Glanzmann
2005-04-23 18:46 ` Jan Harkes
2005-04-23 20:01 ` Linus Torvalds
2005-04-23 18:54 ` Junio C Hamano
2005-04-23 18:34 ` Jan Harkes
2005-04-23 19:30 ` Linus Torvalds
2005-04-23 20:49 ` Jan Harkes
2005-04-23 21:28 ` Git transfer protocols (was: Re: Git-commits mailing list feed) Mike Taht
2005-04-23 22:22 ` Jan Harkes
2005-04-23 23:29 ` Git-commits mailing list feed Linus Torvalds
2005-04-23 19:30 ` Suggestion: generalize signed tags into "assertion objects" David A. Wheeler
2005-04-23 20:15 ` Git-commits mailing list feed Jeff Garzik
2005-04-25 1:26 ` David Woodhouse
[not found] <3WtO4-5GW-5@gated-at.bofh.it>
[not found] ` <3WtXG-5Nh-9@gated-at.bofh.it>
[not found] ` <3WtXG-5Nh-7@gated-at.bofh.it>
[not found] ` <3WwLT-848-13@gated-at.bofh.it>
[not found] ` <3WxeV-5S-9@gated-at.bofh.it>
[not found] ` <3WxHT-pv-1@gated-at.bofh.it>
[not found] ` <3Wyb3-Sj-33@gated-at.bofh.it>
[not found] ` <3WyDZ-1a6-7@gated-at.bofh.it>
[not found] ` <3WYRN-5lJ-9@gated-at.bofh.it>
[not found] ` <3X0gU-6u6-5@gated-at.bofh.it>
[not found] ` <3X1G1-7ug-9@gated-at.bofh.it>
2005-04-25 15:47 ` Bodo Eggert <harvested.in.lkml@posting.7eggert.dyndns.org>
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=426C4168.6030008@dwheeler.com \
--to=dwheeler@dwheeler.com \
--cc=dwmw2@infradead.org \
--cc=git@vger.kernel.org \
--cc=greg@kroah.com \
--cc=jdittmer@ppp0.net \
--cc=linux-kernel@vger.kernel.org \
--cc=paul@clubi.ie \
--cc=seanlkml@sympatico.ca \
--cc=sithglan@stud.uni-erlangen.de \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).