Re: Use case (was Re: Should branches be objects?)

On Wed, Jun 25, 2014 at 10:42:49AM -0700, Junio C Hamano wrote:
> Nico Williams <nico@xxxxxxxxxxxxxxxx> writes:
> 
> > On Tue, Jun 24, 2014 at 6:09 AM, Theodore Ts'o <tytso@xxxxxxx> wrote:
> > ...
> >> This seems pretty close to what we have with signed tags.  When I send
> >> a pull request to Linus, I create a signed tag which contains a
> >> message about a set of commits, and this message is automatically
> >> included in the pull request message generated with "git
> >> request-pull", and when Linus merges my pull request, the
> >> cryptographically signed tag, along with the message, date of the
> >> signature, etc., is preserved for all posterity.
> >
> > Thanks for pointing this out.  Signed tags are objects -- that's a
> > clear and strong precedent.
> 
> Sounds as if you are interpreting what Ted said as a supporting
> argument for having branches as separate type of objects, but the
> way I read it was "signed tags are sufficient for what you want to
> do; adding a new "branch" type does not make much sense at this
> point".

Yes, that's what I was saying.  If you want to record a reliable "who
pushed this" (or "who requested this to be pulled"), you really want
to use a GPG signature, since otherwise the identity of the pusher can
be completely faked --- especially if you have a tiered system
where you have sub-maintainers in the mix.  So if you want any kind of
auditability long after the fact, you want digital signatures, and so
a signed tag maps exactly to what you want --- modulo needing a
standardized "Linus Torvalds" bot.  But the nice thing about creating
such an automated pull request processing system is that it doesn't
require making any changes to core git.

If you insist that it has to be done via a "git push", I suspect it
wouldn't be that hard to add changes to Gerrit (which already has a
concept of access control which ssh keys are allowed to push a
change), and extend it to include a hook that validated whether the
push included a signed tag.  Again, no core changes needed to git, or
to the repository format.

					- Ted
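
Added example, not part of the original message: a plain git server-side `pre-receive` hook (not Gerrit's own hook mechanism) implementing the check described above, that a push includes a signed tag. The policy details (lightweight or badly signed tags are rejected, every key in the server's GPG keyring is trusted) and the function name `check_push` are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): policy for a git server-side
# pre-receive hook. Assumed policy: a push is accepted only if it carries at
# least one annotated tag whose signature verifies, and no unsigned tag.
# Assumption: the server's GPG keyring holds only keys allowed to sign,
# because `git verify-tag` succeeds for any good signature it can check.

# Reads "<old> <new> <ref>" lines on stdin, the format git gives pre-receive.
# Returns 0 to accept the push, 1 to reject it.
check_push() {
    signed=0
    while read -r old new ref; do
        case "$ref" in
            refs/tags/*) ;;
            *) continue ;;          # branches etc. are not inspected here
        esac
        case "$new" in
            *[!0]*) ;;
            *) continue ;;          # all-zero id: tag deletion, nothing to verify
        esac
        # A lightweight tag points straight at a commit and cannot be signed.
        if [ "$(git cat-file -t "$new")" != "tag" ]; then
            echo "rejected: $ref is not an annotated tag" >&2
            return 1
        fi
        if ! git verify-tag "$new" >/dev/null 2>&1; then
            echo "rejected: $ref has no valid signature" >&2
            return 1
        fi
        signed=1
    done
    if [ "$signed" -ne 1 ]; then
        echo "rejected: push does not include a signed tag" >&2
        return 1
    fi
    return 0
}

# Enforce the policy only when this file is installed as hooks/pre-receive.
case "${0##*/}" in
    pre-receive) check_push || exit 1 ;;
esac
```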