Ingo Molnar <mingo@xxxxxxx> writes:
> * Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>
>> That said, even the "BEGIN PGP SIGNED MESSAGE" things are a massive
>> pain in the butt. We need to automate this some sane way, both for
>> the sender and for the recipient.
>
> The most practical form would be if Git supported such oneliner pull
> requests:
>
> git pull git://foo.com bar.branch \
> --pull-sha1 0acf00014bcfd71090c3b0d43c98e970108064e4 \
> --gpg-by: "Ingo Molnar <mingo@xxxxxxxxxx>" \
> --gpg-sig: 8a6f134afd1d212fe21345
>
> maintainers could just paste them into a shell and it would abort if
> it's not trusted. The maintainer verifies the visible, 'Ingo Molnar'
> bit. The 8a6f134afd1d212fe21345 is a signed-by-Ingo-Molnar version of
> this content:
>
> git://foo.com bar.branch 0acf00014bcfd71090c3b0d43c98e970108064e4
As a command line syntax, I think the new "--flag"s should all come
before non flag options to the "pull" subcommand, i.e.
git pull --sha1 0acf00014bcfd71090c3b0d43c98e970108064e4 \
--gpg-by "Ingo Molnar <mingo@xxxxxxxxxx>" \
git://foo.com bar.branch
I do not understand what you meant by that "8a6f13...". When I run
$ echo "git://foo.com bar.branch 0acf00014bcfd71090c3b0d43c98e970108064e4" |
gpg -sa
I would get about 20 lines of solid gibberish, nothing close to that
clean and concise 20-or-so character sequence.
In any case, I do not think that "this site, that branch" information is
essential for the purpose of validation. I think I saw Linus responding to
a pull request saying "Your pull request says master but I found nothing
there; I assume you meant for-linus branch" or something similar, and as
long as that matches the expectation of the contributor, especially if you
specify "I want you to get _this_ commit" in your request-pull message, it
should not matter how/where Linus gets the history leading to that commit.
As "git-pull" is still a scripted Porcelain, interested people should be
able to experiment this idea by doing something like this:
1. The requestor signs the tip commit to be fetched with the version of
git from the "next" branch, i.e. "git commit -S", and pushes it to his
publishing location;
2. Around line 207, "git pull" spawns "git fetch", stops if dry-run. At
that point, you can:
- parse FETCH_HEAD and verify the SHA-1 matches what you got from the
command line;
- run "git show -s --show-signature FETCH_HEAD" (again, use the
version of git from the "next" branch) to let GPG parse the
signature.
and stop if either test fails.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html