From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id 4OmcB8/23l8IFwAA0tVLHw (envelope-from ) for ; Sun, 20 Dec 2020 07:01:35 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id CPNlA8/23l/OHwAAB5/wlQ (envelope-from ) for ; Sun, 20 Dec 2020 07:01:35 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 7E9DB9403A6 for ; Sun, 20 Dec 2020 07:01:34 +0000 (UTC) Received: from localhost ([::1]:56764 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kqsii-00011e-Uz for larch@yhetil.org; Sun, 20 Dec 2020 02:01:33 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:49232) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kqsiI-00010K-1W for guix-devel@gnu.org; Sun, 20 Dec 2020 02:01:06 -0500 Received: from knopi.disroot.org ([178.21.23.139]:39138) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kqsiG-00006V-4R for guix-devel@gnu.org; Sun, 20 Dec 2020 02:01:05 -0500 Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id 6488752370; Sun, 20 Dec 2020 08:01:02 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at disroot.org Received: from knopi.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VO060rRnmldM; Sun, 20 Dec 2020 08:01:01 +0100 (CET) Mime-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1608447659; bh=zt4fwH3GfSWhPDxlhmgJtlQRREo39QpLAWU3eTky2bk=; h=Date:From:Subject:To:Cc:In-Reply-To:References; b=Dop5aVtF1VCdsqmbCvBURDwPQcECOZc7B2zAtsrFfAhtHKdhnyIq9wW5q2+OT7+Lk 8/pIbo6PTWTA2XA3OOjtqIor1kGTlEbgfwPAPxXgigEmKwRy4O1L2cssfWcdlHGhLX vKWaTbMntfQ9R0edsILaTquanwL88ych8xT6kWBGu1j1MZx8R19FnR0Rh6cnrqc+Kh q++JJpQ3yYoxl2PBp3IfFh52DaMhKtI61JwoMSDM4NrgnGAevCY7j22vdlqg+huod8 j99w2HEP6b6M+GXbvrz1EI+ZFnBwa3UAGFMoxhIrFgKYBGwn2GsIEYNBaMEE5Z1zXf c/mavGRfJEE+g== Date: Sun, 20 Dec 2020 07:00:59 +0000 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-ID: <2551437cfcf96955702d3076715772f6@disroot.org> Subject: Re: Cosmetic changes commits as a potential security risk (was Re: Questionable "cosmetic changes" commits) To: "Mark H Weaver" , "Ryan Prior" , "Danny Milosavljevic" In-Reply-To: <87pn3nn858.fsf@netris.org> References: <87pn3nn858.fsf@netris.org> <87im9g4ukt.fsf@netris.org> Received-SPF: pass client-ip=178.21.23.139; envelope-from=raghavgururajan@disroot.org; helo=knopi.disroot.org X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Development of GNU Guix and the GNU System distribution Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" Reply-to: "Raghav Gururajan" From: "Raghav Gururajan" via "Development of GNU Guix and the GNU System distribution." X-Migadu-Flow: FLOW_IN X-Migadu-Spam-Score: -2.31 Authentication-Results: aspmx1.migadu.com; dkim=fail (headers rsa verify failed) header.d=disroot.org header.s=mail header.b=Dop5aVtF; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: 7E9DB9403A6 X-Spam-Score: -2.31 X-Migadu-Scanner: scn1.migadu.com X-TUID: RapXZ1n9Lqo7 Hi Mark!=0A=0A> Thanks for the explanation.=0A> =0A> Please keep in mind = that every comment in Guix was deliberately put=0A> there by a Guix devel= oper, which means that at least one developer=0A> thought the comment was= worth including.=0A> =0A> I'm concerned that you felt so confident in yo= ur assessment that these=0A> comments were superfluous that you felt just= ified in removing them=0A> without telling anyone, let alone asking your = mentors if they agreed.=0A> =0A> My larger concern is that these removals= were effectively hidden within=0A> a commit that ostensibly only rearran= ged and reindented code.=0A=0AMy apologies, I should have mentioned in th= e commit message. Anyway, I will be deferring from removing any existing = comments. =0A=0A> It occurs to me that commits that rearrange or reindent= code are a=0A> potential security risk, because they obscure other chang= es made within=0A> the same commit. Even developers who try to keep an ey= e on changes=0A> being made to Guix tend to simply *assume* that commits = like these are=0A> what they claim to be, because it's too tedious to ver= ify them.=0A> =0A> If we allow unannounced changes to be obscured within = "cosmetic changes"=0A> commits without reprimand, we invite the future po= ssibility of=0A> deliberate corruption of our code base via such commits,= by attackers=0A> who have compromised our developers' machines or signin= g keys.=0A=0AI see. I haven't thought about this, but will consider it.= =0A=0AThanks!=0A=0ARegards,=0ARG.