From: "brian m. carlson" <sandals@crustytoothpaste•net>
To: Christian Couder <christian.couder@gmail•com>
Cc: git@vger•kernel.org, Junio C Hamano <gitster@pobox•com>,
Patrick Steinhardt <ps@pks•im>, Elijah Newren <newren@gmail•com>,
Jeff King <peff@peff•net>,
Johannes Schindelin <Johannes.Schindelin@gmx•de>,
Christian Couder <chriscool@tuxfamily•org>
Subject: Re: [PATCH] fast-(import|export): improve on the signature algorithm name
Date: Thu, 24 Apr 2025 22:05:18 +0000 [thread overview]
Message-ID: <aAq1nvcPRlIPal5l@tapette.crustytoothpaste.net> (raw)
In-Reply-To: <20250424203904.909777-1-christian.couder@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1313 bytes --]
On 2025-04-24 at 20:39:04, Christian Couder wrote:
> Here <alg> specifies which hashing algorithm is used for this
> -signature, either `sha1` or `sha256`.
> +signature. Current valid values are:
> +
> +* "openpgp" for SHA-1 OpenPGP signatures,
> +
> +* "sha256" for SHA-256 OpenPGP signatures,
> +
> +* "x509" for X.509 (GPGSM) signatures,
> +
> +* "ssh", for SSH signatures,
> +
> +* "unknown" for signatures that can't be identified (a warning is
> + emitted).
I don't think this is a good set of options. We can have SHA-1 or
SHA-256 options for any of the three. If I create a SHA-256 commit and
sign it with SSH, then it couldn't be exported with this type.
It is even possible and valid to create a signature over the SHA-1
content of an object and sign it with one protocol, say, OpenPGP, and
then create a signature over the SHA-256 content of the object and sign
it with a different one, such as SSH. Git does not natively support
this, but it is possible to do by hand.
These should be separate fields: one for the hash algorithm and one for
the protocol. Alternatively, we can just keep the hash algorithm field
and parse the protocol by reading the first line, which will differ for
different protocols.
--
brian m. carlson (they/them)
Toronto, Ontario, CA
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 325 bytes --]
next prev parent reply other threads:[~2025-04-24 22:05 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-24 20:39 [PATCH] fast-(import|export): improve on the signature algorithm name Christian Couder
2025-04-24 21:19 ` Junio C Hamano
2025-04-24 21:59 ` Elijah Newren
2025-04-24 22:58 ` Junio C Hamano
2025-05-26 10:35 ` Christian Couder
2025-05-27 15:18 ` Junio C Hamano
2025-05-28 17:29 ` Junio C Hamano
2025-05-28 20:06 ` Elijah Newren
2025-05-28 21:59 ` Junio C Hamano
2025-05-28 23:15 ` Elijah Newren
2025-05-29 3:14 ` Junio C Hamano
2025-06-02 15:56 ` Christian Couder
2025-06-02 15:56 ` Christian Couder
2025-06-02 16:20 ` Junio C Hamano
2025-05-26 10:34 ` Christian Couder
2025-04-24 21:41 ` Elijah Newren
2025-05-26 10:34 ` Christian Couder
2025-04-24 22:05 ` brian m. carlson [this message]
2025-05-26 10:35 ` Christian Couder
2025-04-24 23:25 ` Junio C Hamano
2025-05-26 10:33 ` [PATCH v2 0/6] extract algo information from signatures Christian Couder
2025-05-26 10:33 ` [PATCH v2 1/6] gpg-interface: simplify ssh fingerprint parsing Christian Couder
2025-05-26 10:33 ` [PATCH v2 2/6] gpg-interface: use left shift to define GPG_VERIFY_* Christian Couder
2025-05-26 10:33 ` [PATCH v2 3/6] doc/verify-commit: update and improve the whole doc Christian Couder
2025-05-26 10:33 ` [PATCH v2 4/6] gpg-interface: extract hash algorithm from signature status output Christian Couder
2025-05-26 10:33 ` [PATCH v2 5/6] gpg-interface: extract SSH key type " Christian Couder
2025-05-26 10:33 ` [PATCH v2 6/6] verify-commit: add a --summary flag Christian Couder
2025-05-26 16:03 ` [PATCH v2 0/6] extract algo information from signatures Elijah Newren
2025-06-19 13:38 ` Christian Couder
2025-06-02 22:17 ` brian m. carlson
2025-06-19 13:37 ` Christian Couder
2025-06-18 15:18 ` [PATCH v3] fast-(import|export): improve on commit signature output format Christian Couder
2025-06-19 13:36 ` [PATCH v4] " Christian Couder
2025-06-19 14:55 ` Junio C Hamano
2025-07-08 9:16 ` Christian Couder
2025-06-19 21:44 ` Elijah Newren
2025-06-20 16:12 ` Christian Couder
2025-06-20 19:20 ` Junio C Hamano
2025-07-08 9:16 ` Christian Couder
2025-06-26 19:11 ` Elijah Newren
2025-07-08 9:16 ` Christian Couder
2025-07-07 22:58 ` Junio C Hamano
2025-07-08 3:35 ` Christian Couder
2025-07-08 5:03 ` Junio C Hamano
2025-07-08 6:38 ` Patrick Steinhardt
2025-07-08 11:08 ` Christian Couder
2025-07-08 16:38 ` Junio C Hamano
2025-07-09 0:19 ` Christian Couder
2025-07-09 15:35 ` Junio C Hamano
2025-07-10 8:25 ` Patrick Steinhardt
2025-07-10 15:29 ` Christian Couder
2025-07-10 15:33 ` Junio C Hamano
2025-07-08 10:17 ` Christian Couder
2025-07-08 9:17 ` [PATCH v5] " Christian Couder
2025-07-08 21:58 ` Junio C Hamano
2025-07-08 23:08 ` Elijah Newren
2025-07-09 0:03 ` Junio C Hamano
2025-07-09 0:10 ` Elijah Newren
2025-07-09 10:18 ` Christian Couder
2025-07-09 10:15 ` Christian Couder
2025-07-09 14:12 ` [PATCH v6] " Christian Couder
2025-07-09 23:14 ` Junio C Hamano
2025-07-14 21:07 ` Elijah Newren
2025-07-14 21:23 ` Junio C Hamano
2025-07-25 16:11 ` Christian Couder
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aAq1nvcPRlIPal5l@tapette.crustytoothpaste.net \
--to=sandals@crustytoothpaste$(echo .)net \
--cc=Johannes.Schindelin@gmx$(echo .)de \
--cc=chriscool@tuxfamily$(echo .)org \
--cc=christian.couder@gmail$(echo .)com \
--cc=git@vger$(echo .)kernel.org \
--cc=gitster@pobox$(echo .)com \
--cc=newren@gmail$(echo .)com \
--cc=peff@peff$(echo .)net \
--cc=ps@pks$(echo .)im \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox