Re: Commit signing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Johannes Schindelin <Johannes.Schindelin@xxxxxx> wrote:
> On Mon, 15 Jan 2007, Shawn O. Pearce wrote:
> > A commit-msg hook could probably implement the signing.
> 
> But it would only sign the _message_. You would have to sign the whole 
> _raw_ commit message, to include also the ancestry. But there is no hook 
> _between_ constructing that _raw_ commit message and actually writing the 
> commit object (this would have to be in builtin-commit-tree.c:151).

Sorry, I was assuming people knew what was in the grey matter
upstairs.  :-)

I meant to say something along the lines of:

  A commit-msg hook could probably implement the signing.  However
  doing that would require generating the raw commit data using the
  current timestamp, and that would require having git-commit.sh set
  the timestamp into GIT_COMMITTER_DATE and GIT_AUTHOR_DATE before
  it runs the hook, or before git-commit-tree.  Clearly an ugly mess.

Johannes is right.  A proper signing would probably need to be done
in commit-tree itself.  Or commit-tree would need to be invoked to
create a dummy commit, fetch it back out with cat-file, sign that,
then regenerate the commit with the same prior timestamps.  Ugly.

But I don't really see a need for commit signing in Git.  The best
way to shuttle commits around in Git-space is through published
repositories.  You probably want to grab whatever is on that
repository, and you either trust the repository owner or you don't.
If you don't trust the owner, but you trust the pusher, than using
1 annotated tag per push is reasonable and gives you something
to verify the repository owner isn't playing games.  If you don't
trust the pusher than you should be reviewing the changes before
deciding to keep them in your project.

But even then annotated tags are overkill.  You could just
receive the commit SHA1 out-of-band from the pusher (e.g. email,
like Junio's hidden X-master-at header) and verify that by hand.
8 digits is probably more than enough to hand-verify the entire
commit chain you are receiving.

-- 
Shawn.
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]