unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
From: Vagrant Cascadian <vagrant@debian.org>
To: Leo Famulari <leo@famulari.name>
Cc: "Ludovic Courtès" <ludo@gnu.org>,
	"Simon Tournier" <zimon.toutoune@gmail.com>,
	guix-devel <guix-devel@gnu.org>
Subject: Rebasing commits and re-signing before mergeing (Was: ‘core-updates’ is gone; long live ‘core-packages-team’!)
Date: Fri, 06 Sep 2024 13:29:11 -0700	[thread overview]
Message-ID: <87tteso7ag.fsf@wireframe> (raw)
In-Reply-To: <ZttErY_GnAJd9iBe@jasmine.lan>

[-- Attachment #1: Type: text/plain, Size: 3402 bytes --]

On 2024-09-06, Leo Famulari wrote:
> On Fri, Sep 06, 2024 at 10:44:54AM -0700, Vagrant Cascadian wrote:
>> Is it just me, or is rebasing branches disconcerting, as it likely means
>> the person signing the commit is not necessarily the original person
>> pushing the commit? This is worst for the now deprecated core-updates
>> branch with many rebased commits... are people still updating the
>> signed-off-by tags or whatnot?
>
> In Guix, the "signed-off-by" tag gives credit to the reviewer of the
> patch, but doesn't indicate anything about authority to push to
> guix.git.

That sounds more like a Reviewed-by tag.

from doc/contributing.texi:

  When pushing a commit on behalf of somebody else, please add a
  @code{Signed-off-by} line at the end of the commit log message---e.g.,
  with @command{git am --signoff}.  This improves tracking of who did
  what.
...
  @cindex Reviewed-by, git trailer
  When you deem the proposed change adequate and ready for inclusion
  within Guix, the following well understood/codified
  @samp{Reviewed-by:@tie{}Your@tie{}Name@tie{}<your-email@@example.com>}
  @footnote{The @samp{Reviewed-by} Git trailer is used by other projects
  such as Linux, and is understood by third-party tools such as the
  @samp{b4 am} sub-command, which is able to retrieve the complete
  submission email thread from a public-inbox instance and add the Git
  trailers found in replies to the commit patches.} line should be used to
  sign off as a reviewer, meaning you have reviewed the change and that it
  looks good to you:
  

> In all cases, a commit that is pushed to guix.git will be signed by an
> authorized committer. The signature system ensures that.
>
> If we are concerned about long-running branches being rebased and
> commits losing their "original" signatures, I think it's not really
> something to worry about. That's because the signature *only* tells us
> that that the commit was signed by someone who is authorized, and it
> tells us *nothing* else. The code-signing authorization is extremely
> limited in scope. It doesn't tell us that the code works, is freely
> licensed, is not malicious, etc. So, it doesn't matter who signs a
> commit, as long as it is signed by an authorized person.

My understanding of what properly signed commits tell me, at least in
the context of Guix, is that the person who has signed a given commit
has made reasonable efforts to ensure the code works, is freely
licensed, and is not malicious, etc.

That they agree to do those sorts of things and have a history doing
those things is why some people are trusted (e.g. authorized) to push
commits.

Mistakes happen, and that is fine, but having the signatures allows some
way to review who did what when unfortunate things inevitably happen, to
try and come to understanding of what to do better in the future.


What concerns me, is with rebasing hundreds (thousands?) of commits
(e.g. recent core-updates rebase & merge), many of which were originally
reviewed by someone other than the person signing the commit, and
re-signing them reduces the confidence that the signature indicates
processes were appropriately followed...


guix pull does protect against moving to unrelated histories, so
probably the worst dangers of rebasing will at least trigger some
warning!


live well,
  vagrant

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

  reply	other threads:[~2024-09-06 20:30 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-08-31 13:03 ‘core-updates’ is gone; long live ‘core-packages-team’! Ludovic Courtès
2024-09-01 16:34 ` Steve George
2024-09-01 17:06   ` Christopher Baines
2024-09-03 14:02     ` Christopher Baines
2024-09-06  9:01   ` Ludovic Courtès
2024-09-09 15:30     ` Simon Tournier
2024-09-04 12:58 ` Simon Tournier
2024-09-05  8:39   ` Marek Paśnikowski
2024-09-05  9:40     ` Ricardo Wurmus
2024-09-06  9:11   ` Ludovic Courtès
2024-09-06 10:09     ` Andreas Enge
2024-09-06 11:35       ` Marek Paśnikowski
2024-09-06 13:25         ` Andreas Enge
2024-09-06 13:17       ` indieterminacy
2024-09-26 12:52       ` Ludovic Courtès
2024-09-06 17:44     ` Vagrant Cascadian
2024-09-06 18:06       ` Leo Famulari
2024-09-06 20:29         ` Vagrant Cascadian [this message]
2024-09-07 17:45           ` Rebasing commits and re-signing before mergeing (Was: ‘core-updates’ is gone; long live ‘core-packages-team’!) Leo Famulari
2024-09-08  2:33             ` Vagrant Cascadian
2024-09-06 19:49       ` ‘core-updates’ is gone; long live ‘core-packages-team’! Christopher Baines
2024-09-09 17:28     ` Naming “build train” instead of “merge train”? Simon Tournier

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87tteso7ag.fsf@wireframe \
    --to=vagrant@debian.org \
    --cc=guix-devel@gnu.org \
    --cc=leo@famulari.name \
    --cc=ludo@gnu.org \
    --cc=zimon.toutoune@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).