From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Karl Fogel Newsgroups: gmane.emacs.devel Subject: Recommend these .gitconfig settings for git integrity. Date: Sun, 31 Jan 2016 14:22:02 -0600 Message-ID: <87a8nlfqj9.fsf@red-bean.com> Reply-To: Karl Fogel NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1454271750 16487 80.91.229.3 (31 Jan 2016 20:22:30 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sun, 31 Jan 2016 20:22:30 +0000 (UTC) To: Emacs Devel Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sun Jan 31 21:22:25 2016 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1aPyVq-0004Gt-8u for ged-emacs-devel@m.gmane.org; Sun, 31 Jan 2016 21:22:22 +0100 Original-Received: from localhost ([::1]:43108 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aPyVp-0000ph-MH for ged-emacs-devel@m.gmane.org; Sun, 31 Jan 2016 15:22:21 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:38793) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aPyVc-0000oZ-9g for emacs-devel@gnu.org; Sun, 31 Jan 2016 15:22:09 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aPyVZ-0002pD-45 for emacs-devel@gnu.org; Sun, 31 Jan 2016 15:22:08 -0500 Original-Received: from mail-ig0-x232.google.com ([2607:f8b0:4001:c05::232]:35386) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aPyVY-0002p8-UH for emacs-devel@gnu.org; Sun, 31 Jan 2016 15:22:05 -0500 Original-Received: by mail-ig0-x232.google.com with SMTP id t15so21571217igr.0 for ; Sun, 31 Jan 2016 12:22:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:from:to:subject:reply-to:date:message-id:user-agent :mime-version:content-type; bh=DxxCkdeesLQ5+HuTKtJnjQV279bTKmdqZQcWSVdkTPc=; b=wx2xQygrxT8BD8S9Dy+Wa6oZkQi2D63q+sz2/CYdkDOInxLs8a84+nlD/QTWnQV2Fc DX/2Y5ZEnTlu6ON0kzQ1DjRmicX/2j4kRGgxnIhZzSKvpdIYzjXMgkPK03e0UkTqTwum XYovuQ/BFLiBHbZBNFD4JhjU/MVSJaEgAWvoQ4QnALtr6afY2UrMb5WwLDuLNmTD1C9C G5gkNqaoLcWyt0VksWZdPFY8hghysiuP8fZDonNGNJtnQ5HWfIiPsyxfdThgWvWJhIix BgVFosnbYm5g5sbd8XiiCHMK89r7Q/dU0De8jh/3g6EyusCnCS6fROEpeKZholnn9ePZ Bhhg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:sender:from:to:subject:reply-to:date:message-id :user-agent:mime-version:content-type; bh=DxxCkdeesLQ5+HuTKtJnjQV279bTKmdqZQcWSVdkTPc=; b=MR238kb6Gv4MAQ4bWi+KpbhuzCZGVICIQe30JDpvla9kjXOHKhVJT88Hzv5cXBhF4Y GVYMvmhINkl0sSHUHQcIU8jETPdIY33MrGHufEMutEfLpza9tNeTfu3O0PSmhCb7J6rG uTMO9/wjsuMFczP7wfMpMS0U2DBNVZyYXAM3v2P2xv+eZQIFwdKuZ2HtK/PM0IDI4ANL 1b+06MrpxzjjJBCoI32jPDeUW4XhXANmSyd6uyjK+0OxJTLWodA2dV845bC06CfbE68P 1Y1EKg3hakzIWYT1a/hnluZV6q7o7ilqJ42mUalGp/oaC/ER4bcftBrs0nNLmmF38IRP +dKg== X-Gm-Message-State: AG10YORN5d+B3uu4O2+QUf/P/f1x1uR+n5IdHhi6aVGIWlKKMzHSKuA94aPQi4Xsql3K1w== X-Received: by 10.50.78.165 with SMTP id c5mr7260633igx.29.1454271723904; Sun, 31 Jan 2016 12:22:03 -0800 (PST) Original-Received: from kdesk (207-181-239-70.c3-0.grn-ubr1.chi-grn.il.cable.rcn.com. [207.181.239.70]) by smtp.gmail.com with ESMTPSA id d132sm10340427ioe.12.2016.01.31.12.22.03 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 31 Jan 2016 12:22:03 -0800 (PST) User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.90 (gnu/linux) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2607:f8b0:4001:c05::232 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:199096 Archived-At: I've just added these settings to my ~/.gitconfig. Based on some recent reports, it might be a good idea for all of us to do the same: [transfer] fsckObjects = true [fetch] fsckObjects = true [receive] fsckObjects = true Summary: Although git communicates object ID by content-addressable hashes (thus in theory ensuring integrity), git apparently doesn't always bother to actually *check* the hashes, e.g., when receiving objects from remote repositories. Enabling the above settings causes git to notice if someone ships you a bogus object, which seems like, er, a win. You might be worried about a slowdown in some git operations, since content would now be checked against a hash, but according to those who've enabled the settings there's no noticeable slowdown in practice. So, based on the discussion in the thread below, there are good reasons for everyone to enable these settings, and no reason not to. (I was kind of surprised they weren't turned on by default in git, actually.) See this post & thread for more details: From: Eric Myhre Subject: git integrity To: binary-transparency (Google Group) Message-ID: <56ABBA5B.6020703@exultant.us> Date: Fri, 29 Jan 2016 11:15:39 -0800 https://groups.google.com/forum/#!topic/binary-transparency/f-BI4o8HZW0 See also these bug tickets mentioned by DKG in the thread: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813157 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743227 If we have consensus here, I could add this recommendation to the 'CONTRIBUTE' file in the Emacs tree; I'll wait to see what the followup is before doing that, however. Best regards, -Karl