Re: [git patches] libata updates, GPG signed (but see admin notes)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ingo Molnar <mingo@xxxxxxx> writes:

> * Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>
>> That said, even the "BEGIN PGP SIGNED MESSAGE" things are a massive 
>> pain in the butt. We need to automate this some sane way, both for 
>> the sender and for the recipient.
>
> The most practical form would be if Git supported such oneliner pull 
> requests:
>
>  git pull git://foo.com bar.branch                           \
>   --pull-sha1 0acf00014bcfd71090c3b0d43c98e970108064e4       \
>   --gpg-by: "Ingo Molnar <mingo@xxxxxxxxxx>"                 \
>   --gpg-sig: 8a6f134afd1d212fe21345
>
> maintainers could just paste them into a shell and it would abort if 
> it's not trusted. The maintainer verifies the visible, 'Ingo Molnar' 
> bit. The 8a6f134afd1d212fe21345 is a signed-by-Ingo-Molnar version of 
> this content:
>
>     git://foo.com bar.branch 0acf00014bcfd71090c3b0d43c98e970108064e4

As a command line syntax, I think the new "--flag"s should all come
before non flag options to the "pull" subcommand, i.e.

    git pull --sha1 0acf00014bcfd71090c3b0d43c98e970108064e4 \
    	     --gpg-by "Ingo Molnar <mingo@xxxxxxxxxx>" \
             git://foo.com bar.branch

I do not understand what you meant by that "8a6f13...". When I run

    $ echo "git://foo.com bar.branch 0acf00014bcfd71090c3b0d43c98e970108064e4" |
      gpg -sa

I would get about 20 lines of solid gibberish, nothing close to that
clean and concise 20-or-so character sequence.

In any case, I do not think that "this site, that branch" information is
essential for the purpose of validation. I think I saw Linus responding to
a pull request saying "Your pull request says master but I found nothing
there; I assume you meant for-linus branch" or something similar, and as
long as that matches the expectation of the contributor, especially if you
specify "I want you to get _this_ commit" in your request-pull message, it
should not matter how/where Linus gets the history leading to that commit.

As "git-pull" is still a scripted Porcelain, interested people should be
able to experiment this idea by doing something like this:

 1. The requestor signs the tip commit to be fetched with the version of
    git from the "next" branch, i.e. "git commit -S", and pushes it to his
    publishing location;

 2. Around line 207, "git pull" spawns "git fetch", stops if dry-run. At
    that point, you can:

    - parse FETCH_HEAD and verify the SHA-1 matches what you got from the
      command line;

    - run "git show -s --show-signature FETCH_HEAD" (again, use the
      version of git from the "next" branch) to let GPG parse the
      signature.

    and stop if either test fails.

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]