From: "nick" <nick@nicholasjohnson.ch>
To: "Junio C Hamano" <gitster@pobox.com>
Cc: <git@vger.kernel.org>
Subject: Re: Git Privacy
Date: Fri, 14 Jul 2023 09:22:44 +0000 [thread overview]
Message-ID: <CU1SAE4WGP3X.3R7TTIWFSHGDI@anonymous> (raw)
In-Reply-To: <xmqqlefjpwif.fsf@gitster.g>
> "nick" <nick@nicholasjohnson.ch> writes:
>
> > hooks. Perhaps a config option to automatically set the date to a time
> > before Git was invented?
>
> [...] I am not yet convinced that it is worth the engineering effort
> for this project to review, accept and maintain changes to implement
> it.
Upon further thought, given that it's already pretty easy to accomplish
timestamp obfuscation, albeit clumsy, I concede that it may not be worth
the engineering effort to implement my original suggestion. So I'll drop
it.
However, I think it is worth the effort for the time zones. Is there any
reason Git doesn't automatically convert local time to UTC in timestamps
to prevent leaking the developer's time zone?
It seems like a simple change that would be good for the developer's
privacy without harming Git in any way. It would also be easy to
implement as backwards-compatible.
I've been told this idea was already mentioned, but it has been ignored
for some time:
https://git.issues.gerritcodereview.com/issues/40000039
The sooner it's addressed, the better since it means less personal
information leakage.
> After all, if you leave series of commits that stress the fact that
> you not just fail to keep, but do deliberately avoid to keep, a
> reliable record of when you made your changes, half the value of
> keeping your work in source code management system vanishes. When
> somebody comes to your project and says certain parts of your code
> were stolen from their proprietary IP, wouldn't you rather be able
> to produce the record of who did what at which time to refute their
> claim by showing that your project members invented the code long
> before they claim they were stolen from them?
Thank you for bringing this up. This was not an angle I considered when
writing my repo git-privacy, but now I'll definitely warn about it there.
Your feedback above would not apply to the UTC time zone proposal I
linked to though. There is a good reason to implement it and, as far as
I can think of, no reason not to.
next prev parent reply other threads:[~2023-07-14 9:22 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-13 16:27 Git Privacy nick
2023-07-13 17:11 ` Junio C Hamano
2023-07-14 9:22 ` nick [this message]
2023-07-14 16:45 ` Junio C Hamano
2023-07-15 4:32 ` nick
2023-07-16 11:47 ` René Scharfe
2023-07-16 22:52 ` nick
2023-07-17 2:36 ` Junio C Hamano
2023-07-17 2:57 ` Junio C Hamano
2023-07-17 5:36 ` nick
2023-07-17 20:57 ` Theodore Ts'o
2023-07-17 22:49 ` nick
2023-07-17 16:37 ` Junio C Hamano
2023-07-16 23:07 ` nick
2023-07-16 23:27 ` Jason Pyeron
2023-07-17 4:20 ` nick
2023-07-18 21:59 ` brian m. carlson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CU1SAE4WGP3X.3R7TTIWFSHGDI@anonymous \
--to=nick@nicholasjohnson.ch \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).