public inbox for linux-kernel@vger.kernel.org
From: Sam Vilain <sam@vilain.net>
To: Junio C Hamano <gitster@pobox.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	git@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [Survey] Signed push
Date: Tue, 13 Sep 2011 17:31:21 -0700
Message-ID: <4E6FF5D9.3080709@vilain.net>
In-Reply-To: <7vaaa8xufi.fsf@alter.siamese.dyndns.org>

On 9/13/11 9:45 AM, Junio C Hamano wrote:
>   * You push out your work with "git push -s";
>
>   * "git push" prepares a "push certificate" (it is meant to certify "these
>     are the commits I place at the tips of these refs"), which is a human
>     and machine readable text file in core, that may look like this:
>
>          Push-Certificate-Version: 0
>          Pusher: Junio C Hamano<gitster@pobox.com>
>          Update: 3793ac56b4c4f9bf0bddc306a0cec21118683728 refs/heads/master
>          Update: 12850bec0c24b529c9a9df6a95ad4bdeea39373e refs/heads/next
>
>     and asks you to GPG sign it. You only unlock your GPG key and the
>     command internally runs GPG, just like "tag -s".
>
>   * When "git push" finishes, the receiving end has this record in its
>     refs/notes/signed-push notes tree, together with your previous pushes
>     (as this is not a shared repository, it will record only your pushes).
>     The notes annotate the commits named on the "Update:" lines above.

If the push certificate also has the previous commit IDs for the changed 
refs, then you actually have an audit log.  Otherwise, it does not 
certify the commit range they pushed.

This is an important prerequisite for a fully distributed, peer to peer 
git.  For this case it would also need something to distinguish which 
repository is to be updated; such as a canonical repository URL (or list 
of URLs), or just a short project name.  A P2P protocol can then know 
projects as (KEYID, projectname).

Sam
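
An added example, not part of the original message and not git's own code: a sketch of the audit-log check that becomes possible once each "Update:" line also names the previous commit ID. The three-field line "Update: <old-id> <new-id> <ref>", the all-zero ID for a newly created ref, and every ID and name in the sample log are assumptions constructed for illustration; GPG signature verification is assumed to have happened already.

```python
import re

ZERO = "0" * 40  # assumed convention: an all-zero old id means "ref created"

# Assumed extended line "Update: <old-id> <new-id> <ref>"; the certificate
# quoted in the thread carries only the new id and the ref.
UPDATE_RE = re.compile(r"^Update: ([0-9a-f]{40}) ([0-9a-f]{40}) (\S+)$")

def parse_certificate(text):
    """Return (pusher, [(old, new, ref), ...]) from one verified certificate."""
    pusher, updates = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Pusher:"):
            pusher = line[len("Pusher:"):].strip()
        elif line.startswith("Update:"):
            m = UPDATE_RE.match(line)
            if not m:
                raise ValueError(f"malformed Update line: {line!r}")
            updates.append(m.groups())
    if pusher is None or not updates:
        raise ValueError("certificate lacks Pusher or Update lines")
    return pusher, updates

def audit(certificates):
    """Replay certificates in push order and report every ref movement whose
    claimed old id differs from the tip the previous certificates left."""
    tips, gaps = {}, []
    for index, text in enumerate(certificates):
        pusher, updates = parse_certificate(text)
        for old, new, ref in updates:
            expected = tips.get(ref, ZERO)
            if old != expected:
                gaps.append((index, pusher, ref, expected, old))
            tips[ref] = new
    return tips, gaps

def _cert(*updates):
    """Build a constructed sample certificate in the assumed format."""
    body = "".join(f"Update: {o} {n} {r}\n" for o, n, r in updates)
    return ("Push-Certificate-Version: 0\n"
            "Pusher: A U Thor <author@example.com>\n" + body)

A, B, C, D = "a" * 40, "b" * 40, "c" * 40, "d" * 40  # constructed ids
SAMPLE_LOG = [
    _cert((ZERO, A, "refs/heads/master")),
    _cert((A, B, "refs/heads/master"), (ZERO, C, "refs/heads/next")),
    _cert((D, C, "refs/heads/master")),  # claims old tip D; the log says B
]
```

A gap means the ref moved from the logged tip to the claimed old ID without a certificate covering that movement, which is the range a new-ID-only certificate cannot account for.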
