From: Andy Wingo <wingo@igalia.com>
To: Leo Famulari <leo@famulari.name>
Cc: guix-devel@gnu.org
Subject: Re: ‘core-updates’ merge is a squashed commit
Date: Mon, 08 Aug 2016 09:38:44 +0200 [thread overview]
Message-ID: <87popjiubf.fsf@igalia.com> (raw)
In-Reply-To: <20160806020707.GA16878@jasmine> (Leo Famulari's message of "Fri, 5 Aug 2016 22:07:07 -0400")
On Sat 06 Aug 2016 04:07, Leo Famulari <leo@famulari.name> writes:
> But, I also think the primary point of signing the commits is to record
> the identity of the person responsible for the commit, and so I think
> the policy should be to sign each commit. [0]
To me this is not the value that signing brings; rather, signing
protects against an attack in which a malicious third party updates the
Guix git repository to have a vulnerable commit.
Given that most people run "guix pull" without inspecting the commits,
this is real value: it would be possible to even make "guix pull" only
accept updates whose HEAD is signed by a key in the keyring. Having the
hook only accept signed HEADs is a good start along that path of course.
> Isn't it better for the identity information to be inherent to the Git
> commits themselves, since those are what is preserved by Git? Git does
> not preserve hooks or policies.
The convention that a signature goes along with responsibility is also a
policy -- any path we take is a convention.
> Also, is there some problem with signing each commit? I don't know why
> we'd want to stop doing this.
I think there's a risk of signing fatigue. The more signatures you make
with your key, the more likely it is that you sign something that you
didn't mean to. To me it makes sense to reduce the number of signatures
to the minimum necessary to preserve whatever security properties we are
interested in; but YMMV obviously :)
Andy
next prev parent reply other threads:[~2016-08-08 7:39 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-01 8:19 Core-updates Andreas Enge
2016-08-01 21:48 ` core-updates merged! Ludovic Courtès
2016-08-02 13:26 ` ng0
2016-08-02 17:32 ` Ludovic Courtès
2016-08-02 17:48 ` Leo Famulari
2016-08-02 21:28 ` Ludovic Courtès
2016-08-03 4:04 ` Leo Famulari
2016-08-03 16:42 ` Ludovic Courtès
2016-08-03 17:24 ` Leo Famulari
2016-08-03 17:56 ` Ludovic Courtès
2016-08-03 18:39 ` Leo Famulari
2016-08-03 20:01 ` Ludovic Courtès
2016-08-03 21:01 ` Leo Famulari
2016-08-03 21:27 ` Andreas Enge
2016-08-03 22:14 ` Leo Famulari
2016-08-03 20:29 ` ‘core-updates’ merge is a squashed commit Ludovic Courtès
2016-08-03 21:10 ` Leo Famulari
2016-08-04 7:50 ` Mark H Weaver
2016-08-04 8:24 ` Andreas Enge
2016-08-04 12:36 ` Mark H Weaver
2016-08-04 12:40 ` Andreas Enge
2016-08-04 13:04 ` Leo Famulari
2016-08-04 13:23 ` Mark H Weaver
2016-08-04 14:07 ` Ludovic Courtès
2016-08-04 14:10 ` Andreas Enge
2016-08-04 14:45 ` Mathieu Lirzin
2016-08-04 16:37 ` Leo Famulari
2016-08-04 18:32 ` Andreas Enge
2016-08-04 20:06 ` Leo Famulari
2016-08-04 18:34 ` Andreas Enge
2016-08-04 15:06 ` Andy Wingo
2016-08-04 16:44 ` Leo Famulari
2016-08-04 16:55 ` Andy Wingo
2016-08-04 20:05 ` Leo Famulari
2016-08-05 7:35 ` Andy Wingo
2016-08-05 14:59 ` Leo Famulari
2016-08-05 16:50 ` Andy Wingo
2016-08-05 17:11 ` Leo Famulari
2016-08-06 0:59 ` Mark H Weaver
2016-08-06 2:07 ` Leo Famulari
2016-08-08 7:38 ` Andy Wingo [this message]
2016-08-06 7:52 ` Andreas Enge
2016-08-08 7:46 ` Andy Wingo
2016-08-07 6:16 ` Mike Gerwitz
2016-08-04 11:41 ` Leo Famulari
2016-08-06 14:42 ` core-updates merged! Leo Famulari
2016-08-10 19:49 ` Leo Famulari
2016-08-13 7:15 ` Manolis Ragkousis
2016-08-13 23:20 ` Core-updates is ready for your patches! Leo Famulari
2016-08-09 3:07 ` core-updates merged! Leo Famulari
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87popjiubf.fsf@igalia.com \
--to=wingo@igalia.com \
--cc=guix-devel@gnu.org \
--cc=leo@famulari.name \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).