From: Leo Famulari <leo@famulari.name>
To: guix-devel@gnu.org
Subject: Annoying behaviour of the GPG signature verification pre-push hook
Date: Tue, 27 Mar 2018 17:39:23 -0400
Message-ID: <20180327213923.GA16676@jasmine.lan>


In HACKING, we recommend Guix committers install a pre-push hook to
verify their GPG signatures before pushing to Savannah. [0] This is
intended to catch mistakes only.

This generally works, and I tend to forget I'm using it for months at a
time :)

There is one case where the hook is annoying: pushing a new branch.

In this case, Git tries to verify a very large number of commit
signatures.  This takes a long time and is bound to fail due to
signatures made with keys that have since expired. [1] You have to
disable the hook temporarily in order to push new branches to our Git
repo.

So, you end up waiting for several minutes for something that is
definitely not going to work.

We discussed this on #guix today [2]. Salient points:

* This annoying behaviour requires users to disable the hook, and they
might forget to re-enable it. That is bad.

* This behaviour forces users to think about signatures, and they might
double-check things by hand after disabling the hook, which is better
than nothing.

* The hook could simply print a warning and allow the new branch to be
pushed, which would avoid the annoying behaviour. But, BAD signatures
have made it into our repo, and they may have been caught by manual
verification.

* Pushing a new branch happens very rarely, so maybe this annoying
behaviour doesn't matter. We could reduce the range of commits to start
at the last release to make it fail more quickly.

* Maybe HACKING should suggest symlinking the hook instead of copying it,
so we could deploy changes to it automatically.

Thoughts? Personally, I'm inclined to leave it as is, perhaps reducing
the range and changing HACKING to suggest a symlink instead of a copy.

[0]
https://git.savannah.gnu.org/cgit/guix.git/tree/HACKING?id=75176f1b94903b592f5b1eb5a1b856c5ec761276#n50
https://git.savannah.gnu.org/cgit/guix.git/tree/etc/git/pre-push?id=75176f1b94903b592f5b1eb5a1b856c5ec761276

[1] This shouldn't count as a failure, in my opinion, but it does.

[2]
https://gnunet.org/bot/log/guix/2018-03-27#T1661747
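
Added example, not part of the original message and not Guix's etc/git/pre-push: a POSIX sh pre-push hook showing two options raised above, bounding the range checked when a new branch is pushed and reporting expired-key signatures as warnings instead of failures. PRE_PUSH_FLOOR and the function names are assumptions; the status letters are those of git's %G? format placeholder.

```shell
#!/bin/sh
# Added example, not Guix's etc/git/pre-push. PRE_PUSH_FLOOR is a hypothetical
# setting naming the oldest commit to check on a new branch (e.g. a release tag).
ZERO=0000000000000000000000000000000000000000

# push_range LOCAL_SHA REMOTE_SHA FLOOR: print the range to verify for one
# "<local ref> <local sha> <remote ref> <remote sha>" line of pre-push input.
push_range() {
    if [ "$1" = "$ZERO" ]; then
        return 0                      # branch deletion: nothing to verify
    elif [ "$2" = "$ZERO" ]; then
        echo "${3:+$3..}$1"           # new branch: whole history unless FLOOR is set
    else
        echo "$2..$1"                 # existing branch: only the new commits
    fi
}

# classify_sig CODE: map a "git log --format=%G?" letter to ok, warn or fail.
# Treating X and Y as warnings is a policy choice; map them to fail to be strict.
classify_sig() {
    case $1 in
        G|U) echo ok ;;               # good signature (U: key validity unknown)
        X|Y) echo warn ;;             # good, but the signature or key has expired
        *)   echo fail ;;             # B bad, R revoked key, E unverifiable, N unsigned
    esac
}

# check_sigs: read "<sha> <code>" lines on stdin; return 1 if any commit fails.
check_sigs() {
    rc=0
    while read -r sha code; do
        case $(classify_sig "$code") in
            warn) echo "warning: $sha: expired signature or key ($code)" >&2 ;;
            fail) echo "error: $sha: signature not acceptable ($code)" >&2; rc=1 ;;
        esac
    done
    return $rc
}

run_hook() {
    while read -r _lref lsha _rref rsha; do
        range=$(push_range "$lsha" "$rsha" "$PRE_PUSH_FLOOR")
        [ -n "$range" ] || continue
        git log --format='%H %G?' "$range" | check_sigs || return 1
    done
}

# Run only when installed as .git/hooks/pre-push, so the file can also be sourced.
case ${0##*/} in pre-push) run_hook || exit 1 ;; esac
```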
