From: Vagrant Cascadian
To: Leo Famulari
Cc: Ludovic Courtès, Simon Tournier, guix-devel
Subject: Rebasing commits and re-signing before merging (Was: ‘core-updates’ is gone; long live ‘core-packages-team’!)
References: <87le0cj13e.fsf@inria.fr> <87v7zby3r6.fsf@gmail.com> <87zfol170t.fsf@gnu.org> <87y144oew9.fsf@wireframe>
Date: Fri, 06 Sep 2024 13:29:11 -0700
Message-ID: <87tteso7ag.fsf@wireframe>

On 2024-09-06, Leo Famulari wrote:
> On Fri, Sep 06, 2024 at 10:44:54AM -0700, Vagrant Cascadian wrote:
>> Is it just me, or is rebasing branches disconcerting, as it likely means
>> the person signing the commit is not necessarily the original person
>> pushing the commit? This is worst for the now deprecated core-updates
>> branch with many rebased commits... are people still updating the
>> signed-off-by tags or whatnot?
>
> In Guix, the "signed-off-by" tag gives credit to the reviewer of the
> patch, but doesn't indicate anything about authority to push to
> guix.git.

That sounds more like a Reviewed-by tag.

from doc/contributing.texi:

  When pushing a commit on behalf of somebody else, please add a
  @code{Signed-off-by} line at the end of the commit log message---e.g.,
  with @command{git am --signoff}. This improves tracking of who did
  what.

  ...

  @cindex Reviewed-by, git trailer
  When you deem the proposed change adequate and ready for inclusion
  within Guix, the following well understood/codified
  @samp{Reviewed-by:@tie{}Your@tie{}Name@tie{}} @footnote{The
  @samp{Reviewed-by} Git trailer is used by other projects such as
  Linux, and is understood by third-party tools such as the @samp{b4 am}
  sub-command, which is able to retrieve the complete submission email
  thread from a public-inbox instance and add the Git trailers found in
  replies to the commit patches.} line should be used to sign off as a
  reviewer, meaning you have reviewed the change and that it looks good
  to you:

> In all cases, a commit that is pushed to guix.git will be signed by an
> authorized committer. The signature system ensures that.
>
> If we are concerned about long-running branches being rebased and
> commits losing their "original" signatures, I think it's not really
> something to worry about. That's because the signature *only* tells us
> that the commit was signed by someone who is authorized, and it
> tells us *nothing* else. The code-signing authorization is extremely
> limited in scope. It doesn't tell us that the code works, is freely
> licensed, is not malicious, etc. So, it doesn't matter who signs a
> commit, as long as it is signed by an authorized person.

My understanding of what properly signed commits tell me, at least in
the context of Guix, is that the person who has signed a given commit
has made reasonable efforts to ensure the code works, is freely
licensed, and is not malicious, etc.

That they agree to do those sorts of things and have a history doing
those things is why some people are trusted (e.g. authorized) to push
commits.

Mistakes happen, and that is fine, but having the signatures allows
some way to review who did what when unfortunate things inevitably
happen, to try and come to understanding of what to do better in the
future.

What concerns me, is with rebasing hundreds (thousands?) of commits
(e.g. recent core-updates rebase & merge), many of which were
originally reviewed by someone other than the person signing the
commit, and re-signing them reduces the confidence that the signature
indicates processes were appropriately followed...

guix pull does protect against moving to unrelated histories, so
probably the worst dangers of rebasing will at least trigger some
warning!

live well,
  vagrant
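
The effect discussed in the message above, as an added example that is not part of the original e-mail or of Guix's tooling: a throwaway repository in which a commit authored by one person and committed by a second is rebased by a third. All names, addresses, branch names and files are constructed; signing is disabled, so the committer field stands in for whose key would sign.

```shell
#!/bin/sh
# Constructed demo: every name, address, branch and file here is invented.
# Shows which commit fields survive a rebase and which are rewritten.

commit_as() {  # usage: commit_as AUTHOR COMMITTER MESSAGE
    GIT_AUTHOR_NAME=$1 GIT_AUTHOR_EMAIL="$1@example.org" \
    GIT_COMMITTER_NAME=$2 GIT_COMMITTER_EMAIL="$2@example.org" \
        git commit -q -m "$3"
}

rebase_demo() {
    repo=$(mktemp -d) || return 1
    (
        cd "$repo" || exit 1
        git init -q . && git symbolic-ref HEAD refs/heads/trunk
        git config user.name nobody
        git config user.email nobody@example.org
        git config commit.gpgsign false   # no keys needed for the demo

        echo base > base.txt && git add base.txt
        commit_as alice alice "base"

        # bob's patch, pushed on his behalf by committer carol.
        git checkout -q -b topic
        echo fix > fix.txt && git add fix.txt
        commit_as bob carol "fix: something

Signed-off-by: carol <carol@example.org>"
        before=$(git log -1 --format='%H %an %cn')

        # Meanwhile trunk moves on.
        git checkout -q trunk
        echo more > more.txt && git add more.txt
        commit_as alice alice "more"

        # Later, dave rebases the topic branch before merging it.
        git checkout -q topic
        GIT_COMMITTER_NAME=dave GIT_COMMITTER_EMAIL=dave@example.org \
            git rebase -q trunk >/dev/null
        after=$(git log -1 --format='%H %an %cn')
        kept=$(git log -1 --format=%B | grep -c '^Signed-off-by: carol')

        echo "before: $before"
        echo "after:  $after"
        echo "signed-off-by trailers kept: $kept"
    )
    status=$?; rm -rf "$repo"; return $status
}
rebase_demo
```

The author and the trailer come through unchanged, while the committer becomes whoever ran the rebase. The commit ID changes because the parent does, so a signature made over the old commit object cannot be carried over and the rebased commit can only be signed by the person rebasing.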