From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-devel-bounces+larch=yhetil.org@gnu.org>
Received: from mp2 ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms11 with LMTPS
	id ICKEB0MYzF/QMwAA0tVLHw
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Sat, 05 Dec 2020 23:31:15 +0000
Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp2 with LMTPS
	id SCtNA0MYzF9pJAAAB5/wlQ
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Sat, 05 Dec 2020 23:31:15 +0000
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id CCDAF94023A
	for <larch@yhetil.org>; Sat,  5 Dec 2020 23:31:14 +0000 (UTC)
Received: from localhost ([::1]:44010 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	id 1klh1F-0000gV-Ks
	for larch@yhetil.org; Sat, 05 Dec 2020 18:31:13 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:34940)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mhw@netris.org>) id 1klh0l-0000fN-RR
 for guix-devel@gnu.org; Sat, 05 Dec 2020 18:30:45 -0500
Received: from world.peace.net ([64.112.178.59]:33394)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mhw@netris.org>) id 1klh0g-0003aS-UB
 for guix-devel@gnu.org; Sat, 05 Dec 2020 18:30:43 -0500
Received: from mhw by world.peace.net with esmtpsa
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <mhw@netris.org>)
 id 1klh0e-0002iU-JH; Sat, 05 Dec 2020 18:30:36 -0500
From: Mark H Weaver <mhw@netris.org>
To: Raghav Gururajan <raghavgururajan@disroot.org>, Ryan Prior
 <ryanprior@hey.com>, Danny Milosavljevic <dannym@scratchpost.org>
Subject: Cosmetic changes commits as a potential security risk (was Re:
 Questionable "cosmetic changes" commits)
In-Reply-To: <b12415505e213533b59f157212c21cd5@disroot.org>
References: <87im9g4ukt.fsf@netris.org>
 <f3d60aafcdc5b41059409bd27d7f1de7360d15d4@hey.com>
 <cace69473f8551d4e2b89f412bfcdf12@disroot.org>
 <b12415505e213533b59f157212c21cd5@disroot.org>
Date: Sat, 05 Dec 2020 18:29:44 -0500
Message-ID: <87pn3nn858.fsf@netris.org>
MIME-Version: 1.0
Content-Type: text/plain
Received-SPF: pass client-ip=64.112.178.59; envelope-from=mhw@netris.org;
 helo=world.peace.net
X-Spam_score_int: -18
X-Spam_score: -1.9
X-Spam_bar: -
X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: guix-devel@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Cc: Development of GNU Guix and the GNU System distribution
 <guix-devel@gnu.org>
Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+larch=yhetil.org@gnu.org>
X-Migadu-Flow: FLOW_IN
X-Migadu-Spam-Score: -2.30
Authentication-Results: aspmx1.migadu.com;
	dkim=none;
	dmarc=none;
	spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org
X-Migadu-Queue-Id: CCDAF94023A
X-Spam-Score: -2.30
X-Migadu-Scanner: ns3122888.ip-94-23-21.eu
X-TUID: /TSFXQcLwHEc

Hi Raghav,

I asked:
>> Do you have an explanation for why you are removing comments in your
>> "cosmetic changes" commits?

"Raghav Gururajan" <raghavgururajan@disroot.org> replied:
> I think the comments are useful for non-trivial cases.  In these
> definitions, the inputs were propagated because they were mentioned in
> .pc files.  Propagation because of pkg-config is trivial.  So I
> removed the comments.

Thanks for the explanation.

Please keep in mind that every comment in Guix was deliberately put
there by a Guix developer, which means that at least one developer
thought the comment was worth including.

I'm concerned that you felt so confident in your assessment that these
comments were superfluous that you felt justified in removing them
without telling anyone, let alone asking your mentors if they agreed.

My larger concern is that these removals were effectively hidden within
a commit that ostensibly only rearranged and reindented code.

* * *

It occurs to me that commits that rearrange or reindent code are a
potential security risk, because they obscure other changes made within
the same commit.  Even developers who try to keep an eye on changes
being made to Guix tend to simply *assume* that commits like these are
what they claim to be, because it's too tedious to verify them.

If we allow unannounced changes to be obscured within "cosmetic changes"
commits without reprimand, we invite the future possibility of
deliberate corruption of our code base via such commits, by attackers
who have compromised our developers' machines or signing keys.

* * *

Having said all of this, I should also say that I truly appreciate your
contributions, Raghav, and I'm glad that you are here.

      Regards,
        Mark