From mboxrd@z Thu Jan  1 00:00:00 1970
From: Leo Famulari <leo@famulari.name>
Subject: bug#22883: Trustable "guix pull"
Date: Mon, 25 Apr 2016 20:13:59 -0400
Message-ID: <20160426001359.GA23088@jasmine>
References: <87io14sqoa.fsf@dustycloud.org>
 <87h9ep8gxk.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:52019)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1auqdf-0002FM-L8
	for bug-guix@gnu.org; Mon, 25 Apr 2016 20:14:04 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1auqde-00050U-Ka
	for bug-guix@gnu.org; Mon, 25 Apr 2016 20:14:03 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:34822)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1auqde-00050O-Ga
	for bug-guix@gnu.org; Mon, 25 Apr 2016 20:14:02 -0400
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.22883.B22883.146162964118402@debbugs.gnu.org>
Content-Disposition: inline
In-Reply-To: <87h9ep8gxk.fsf@gnu.org>
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-guix/>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: 22883@debbugs.gnu.org

On Tue, Apr 26, 2016 at 12:25:11AM +0200, Ludovic Courtès wrote:
> Hello!
> 
> Christopher Allan Webber <cwebber@dustycloud.org> skribis:
> 
> > On top of that, even if you run from git proper what there isn't a test
> > about is: can you trust those latest commits?  Git doesn't really check,
> > at least by default.
> >
> >   https://mikegerwitz.com/papers/git-horror-story
> >
> > How about this: anyone with commit access should use "signed off by" and
> > gpg signatures combined.  We should keep some list of guix committers'
> > gpg keys.  No commit should be pushed to guix without a gpg signature.
> > At this point, at least, there is some possibility of auditing things.
> 
> To make progress on this front, I’ve decided to start signing all my
> commits, so:
> 
> --8<---------------cut here---------------start------------->8---
> $ git config commit.gpgsign
> true
> $ git config --global user.signingkey
> 090B11993D9AEBB5
> --8<---------------cut here---------------end--------------->8---
> 
> I invite everyone to do the same.  Hopefully, within a few weeks, we can
> add a commit hook to reject unsigned commits.

Okay.

> Note that we’ll be signing patches we push on behalf of contributors who
> do not have commit access (reviewer’s responsibility).
> 
> Also, rebasing, amending, and cherry-picking code signed by someone else
> would lose the original signature, which isn’t great and should be
> avoided, if possible.

I think it's common to make minor edits when committing on behalf of
others. For example, the committer might clean up a commit message or
standardize indentation.

How should we handle this?