Re: [PATCHv3 0/5] verify-commit: verify commit signatures

public inbox for git@vger.kernel.org 
 help / color / mirror / Atom feed

From: Junio C Hamano <gitster@pobox•com>
To: Jeff King <peff@peff•net>
Cc: Michael J Gruber <git@drmicha•warpmail.net>, git@vger•kernel.org
Subject: Re: [PATCHv3 0/5] verify-commit: verify commit signatures
Date: Mon, 23 Jun 2014 14:23:20 -0700	[thread overview]
Message-ID: <xmqqoaxjb9rr.fsf@gitster.dls.corp.google.com> (raw)
In-Reply-To: <20140623210930.GB15766@sigill.intra.peff.net> (Jeff King's message of "Mon, 23 Jun 2014 17:09:31 -0400")

Jeff King <peff@peff•net> writes:

> On Mon, Jun 23, 2014 at 10:52:38AM -0700, Junio C Hamano wrote:
>
>> > The one thing that does give me pause is that we do not seem to have any
>> > way of accessing mergetag signatures. We should perhaps stop and think
>> > for a second about how we might expose those (and whether it would fit
>> > into the "git-verify-{commit,tag}" paradigm). I am tempted to say that
>> > "git verify-tag" on a commit should verify the mergetag (right now it
>> > would simply be an error). But I haven't though that hard on it.
>> 
>> I agree that "verify-commit" that lives next to "verify-tag" is fine
>> and does not have to wait for a unified "verify" that may not even
>> be a good idea, but if we were to verify the mergetags in one of
>> these "verify-$OBJECTTYPE" commands, I would think "verify-commit"
>> should be the one to check them, for the simple reason that they
>> appear in "commit" objects, not in "tag" objects.
>
> My thinking was the opposite: it is a signature on a tag, but that
> signature happens to be stuffed into a commit object. But I do not have
> a strong feeling either way.

Well, the whole point of storing mergetag inside commit objects is
so that these transient "please pull, here is a tag to prove you
that it is from me" tags do not have to be kept in the history;
hence people who are following along only see commits and not tags.
The signature being sent via a signed tag from the requestor to the
integrator is merely an implementation detail after the mergetag is
recorded and when people would want to verify them.

So...

next prev parent reply	other threads:[~2014-06-23 21:23 UTC|newest]

Thread overview: 75+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-06-06 14:15 [PATCH 0/3] verify-commit: verify commit signatures Michael J Gruber
2014-06-06 14:15 ` [PATCH 1/3] pretty: free the gpg status buf Michael J Gruber
2014-06-06 14:15 ` [PATCH 2/3] gpg-interface: provide access to the payload Michael J Gruber
2014-06-13  7:55   ` Jeff King
2014-06-13  9:44     ` Michael J Gruber
2014-06-13 10:34       ` Jeff King
2014-06-06 14:15 ` [PATCH 3/3] verify-commit: scriptable commit signature verification Michael J Gruber
2014-06-11 19:48   ` Michael J Gruber
2014-06-13  8:02   ` Jeff King
2014-06-13  9:55     ` Michael J Gruber
2014-06-13 11:09       ` Jeff King
2014-06-13 17:06         ` Junio C Hamano
2014-06-16  9:21           ` Michael J Gruber
2014-06-16 19:54           ` Jeff King
2014-06-16 20:34             ` Junio C Hamano
2014-06-16 20:39               ` Jeff King
2014-06-27 12:31                 ` Michael J Gruber
2014-06-27 12:49                   ` Michael J Gruber
2014-06-27 13:06                     ` Michael J Gruber
2014-06-27 13:18                       ` [PATCH] log: correctly identify mergetag signature verification status Michael J Gruber
2014-06-28  0:44                         ` Jeff King
2014-07-10 22:27                           ` Junio C Hamano
2014-06-27 13:50                     ` [PATCH 3/3] verify-commit: scriptable commit signature verification Michael J Gruber
2014-06-27 18:55                       ` Junio C Hamano
2014-06-27 18:36                     ` Junio C Hamano
2014-06-28  0:32                       ` Jeff King
2014-06-30  6:14                         ` Junio C Hamano
2014-06-13 10:42 ` [PATCHv2 0/6] verify-commit: verify commit signatures Michael J Gruber
2014-06-13 10:42   ` [PATCHv2 1/6] pretty: free the gpg status buf Michael J Gruber
2014-06-13 11:39     ` Jeff King
2014-06-13 10:42   ` [PATCHv2 2/6] gpg-interface: provide access to the payload Michael J Gruber
2014-06-13 10:42   ` [PATCHv2 3/6] verify-commit: scriptable commit signature verification Michael J Gruber
2014-06-13 11:19     ` Jeff King
2014-06-13 11:45       ` Michael J Gruber
2014-06-13 11:50         ` Jeff King
2014-06-13 12:12           ` Michael J Gruber
2014-06-13 10:42   ` [PATCHv2 4/6] t7510: exit for loop with test result Michael J Gruber
2014-06-13 11:46     ` Jeff King
2014-06-13 12:04       ` Michael J Gruber
2014-06-13 12:22         ` Michael J Gruber
2014-06-13 12:33           ` Michael J Gruber
2014-06-13 12:45             ` Jeff King
2014-06-13 12:54             ` Johannes Sixt
2014-06-13 13:06               ` Michael J Gruber
2014-06-13 13:21                 ` Johannes Sixt
2014-06-13 13:30                   ` Jeff King
2014-06-13 13:31                   ` Michael J Gruber
2014-06-13 13:42                     ` Johannes Sixt
2014-06-13 18:23       ` Junio C Hamano
2014-06-13 10:42   ` [PATCHv2 5/6] t7510: test verify-commit Michael J Gruber
2014-06-13 11:51     ` Jeff King
2014-06-13 12:14       ` Michael J Gruber
2014-06-13 18:16         ` Junio C Hamano
2014-06-13 10:42   ` [PATCHv2 6/6] gpg-interface: provide clear helper for struct signature_check Michael J Gruber
2014-06-23  7:05   ` [PATCHv3 0/5] verify-commit: verify commit signatures Michael J Gruber
2014-06-23  7:05     ` [PATCHv3 1/5] gpg-interface: provide clear helper for struct signature_check Michael J Gruber
2014-06-23  7:05     ` [PATCHv3 2/5] gpg-interface: provide access to the payload Michael J Gruber
2014-06-23  7:05     ` [PATCHv3 3/5] verify-commit: scriptable commit signature verification Michael J Gruber
2014-06-23  7:05     ` [PATCHv3 4/5] t7510: exit for loop with test result Michael J Gruber
2014-06-23  7:05     ` [PATCHv3 5/5] t7510: test verify-commit Michael J Gruber
2014-06-23 23:02       ` Junio C Hamano
2014-06-23 17:28     ` [PATCHv3 0/5] verify-commit: verify commit signatures Jeff King
2014-06-23 17:52       ` Junio C Hamano
2014-06-23 21:09         ` Jeff King
2014-06-23 21:23           ` Junio C Hamano [this message]
2014-06-27 14:13             ` [PATCHv4 0/4] " Michael J Gruber
2014-06-27 14:13               ` [PATCHv4 1/4] gpg-interface: provide clear helper for struct signature_check Michael J Gruber
2014-06-27 14:13               ` [PATCHv4 2/4] gpg-interface: provide access to the payload Michael J Gruber
2014-06-27 14:13               ` [PATCHv4 3/4] verify-commit: scriptable commit signature verification Michael J Gruber
2014-06-27 14:13               ` [PATCHv4 4/4] t7510: test verify-commit Michael J Gruber
2014-06-27 19:32                 ` Junio C Hamano
2014-06-27 20:26                   ` Michael J Gruber
2014-06-27 19:07               ` [PATCHv4 0/4] verify-commit: verify commit signatures Junio C Hamano
2014-06-28  0:48                 ` Jeff King
2014-06-28  0:49               ` Jeff King

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=xmqqoaxjb9rr.fsf@gitster.dls.corp.google.com \
    --to=gitster@pobox$(echo .)com \
    --cc=git@drmicha$(echo .)warpmail.net \
    --cc=git@vger$(echo .)kernel.org \
    --cc=peff@peff$(echo .)net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox