From: Sam Vilain <sam@vilain•net>
To: Linus Torvalds <torvalds@linux-foundation•org>
Cc: Chow Loong Jin <hyperair@gmail•com>, git@vger•kernel.org
Subject: Re: GPG signing for git commit?
Date: Mon, 06 Apr 2009 18:05:38 +1200 [thread overview]
Message-ID: <49D99BB2.2090906@vilain.net> (raw)
In-Reply-To: <alpine.LFD.2.00.0904031535140.3915@localhost.localdomain>
Linus Torvalds wrote:
> On Sat, 4 Apr 2009, Chow Loong Jin wrote:
>
>> It crossed my mind that currently git commits cannot actually be
>> verified to be authentic, due to the fact that I can just set my
>> identity to be someone else, and then commit under their name.
>>
>
> You can't do that.
>
> Well, you can, but it's always going to be inferior to just adding a tag.
>
> The thing is, what is it you want to protect? The tree, the authorship,
> the committer info, the commit log, what?
>
[...]
> Btw, there's a final reason, and probably the really real one. Signing
> each commit is totally stupid. It just means that you automate it, and you
> make the signature worth less. It also doesn't add any real value, since
> the way the git DAG-chain of SHA1's work, you only ever need _one_
> signature to make all the commits reachable from that one be effectively
> covered by that one. So signing each commit is simply missing the point.
>
> IOW, you don't _ever_ have a reason to sign anythign but the "tip". The
> only exception is the "go back and re-sign", but that's the one that
> requires external signatures anyway.
>
> So be happy with 'git tag -s'. It really is the right way.
>
Linus I agree with these points - I'd just like to point you to the new
mirror-sync design document. Under Documentation/git-mirror-sync.txt on
http://github.com/samv/git/tree/mirror-sync - and an implementation plan
outlined in Documentation/git-mirror-sync-impl.txt
This system allows for *pushes* to be signed and in general laying the
foundation for knowing that commits are authentic without the intrusion
into the refs/tags/* space that making lots of signed tags would imply.
The idea is to put 'packed-refs' contents (or a moral equivalent) in tag
bodies. It is really a new type of object, but it's sufficiently similar
to a tag that I thought I'd just go and go with that design for now.
Anyway if you're curious take a look, otherwise wait for the formal
submission once I've got something better together...
Sam
next prev parent reply other threads:[~2009-04-06 6:07 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-04-03 21:25 GPG signing for git commit? Chow Loong Jin
2009-04-03 22:54 ` Linus Torvalds
2009-04-06 6:05 ` Sam Vilain [this message]
2009-04-15 18:55 ` Robin H. Johnson
2009-04-15 19:20 ` Shawn O. Pearce
2009-04-15 22:29 ` Robin H. Johnson
2009-04-16 14:27 ` Shawn O. Pearce
2009-04-17 3:42 ` Sitaram Chamarty
2009-04-17 12:01 ` Jeff King
2009-04-17 18:36 ` Sitaram Chamarty
2009-04-21 20:27 ` Jeff King
2009-05-07 5:30 ` Nguyen Thai Ngoc Duy
2009-05-08 19:03 ` Robin H. Johnson
2009-05-10 22:53 ` Nguyen Thai Ngoc Duy
2009-05-11 10:39 ` Nguyen Thai Ngoc Duy
2009-04-07 17:55 ` Jakub Narebski
2009-04-07 18:04 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49D99BB2.2090906@vilain.net \
--to=sam@vilain$(echo .)net \
--cc=git@vger$(echo .)kernel.org \
--cc=hyperair@gmail$(echo .)com \
--cc=torvalds@linux-foundation$(echo .)org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox