From: ludo@gnu.org (Ludovic Courtès)
To: Christopher Allan Webber <cwebber@dustycloud.org>
Cc: 22883@debbugs.gnu.org
Subject: bug#22883: Trustable "guix pull"
Date: Tue, 26 Apr 2016 00:25:11 +0200 [thread overview]
Message-ID: <87h9ep8gxk.fsf@gnu.org> (raw)
In-Reply-To: <87io14sqoa.fsf@dustycloud.org> (Christopher Allan Webber's message of "Wed, 02 Mar 2016 10:03:59 -0800")
[-- Attachment #1: Type: text/plain, Size: 1622 bytes --]
Hello!
Christopher Allan Webber <cwebber@dustycloud.org> skribis:
> On top of that, even if you run from git proper what there isn't a test
> about is: can you trust those latest commits? Git doesn't really check,
> at least by default.
>
> https://mikegerwitz.com/papers/git-horror-story
>
> How about this: anyone with commit access should use "signed off by" and
> gpg signatures combined. We should keep some list of guix committers'
> gpg keys. No commit should be pushed to guix without a gpg signature.
> At this point, at least, there is some possibility of auditing things.
To make progress on this front, I’ve decided to start signing all my
commits, so:
--8<---------------cut here---------------start------------->8---
$ git config commit.gpgsign
true
$ git config --global user.signingkey
090B11993D9AEBB5
--8<---------------cut here---------------end--------------->8---
I invite everyone to do the same. Hopefully, within a few weeks, we can
add a commit hook to reject unsigned commits.
Note that we’ll be signing patches we push on behalf of contributors who
do not have commit access (reviewer’s responsibility).
Also, rebasing, amending, and cherry-picking code signed by someone else
would lose the original signature, which isn’t great and should be
avoided, if possible.
What remains to be seen, among other things, is how we’ll maintain a
keyring of the committers, and how we’ll distribute it to users of ‘guix
pull’; the TUF spec has clever ideas about it, but we need to see how
they map to our setup.
Thoughts?
Ludo’.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 818 bytes --]
next prev parent reply other threads:[~2016-04-25 22:26 UTC|newest]
Thread overview: 87+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-02 18:03 bug#22883: Trustable "guix pull" Christopher Allan Webber
2016-03-02 19:26 ` Leo Famulari
2016-03-02 21:07 ` Christopher Allan Webber
2016-04-25 22:25 ` Ludovic Courtès [this message]
2016-04-26 0:13 ` Leo Famulari
2016-04-26 0:17 ` Thompson, David
2016-04-26 7:12 ` Ludovic Courtès
2016-04-30 4:43 ` Mike Gerwitz
2016-06-03 16:12 ` bug#22883: Authenticating a Git checkout Ludovic Courtès
2016-06-03 20:17 ` Leo Famulari
2016-06-04 11:04 ` Ludovic Courtès
2016-06-04 4:24 ` Mike Gerwitz
2016-06-04 11:17 ` Ludovic Courtès
2016-06-04 12:45 ` ng0
2016-06-06 12:20 ` ng0
2016-06-04 16:14 ` Mike Gerwitz
2016-06-05 20:39 ` Christopher Allan Webber
2016-06-05 21:15 ` Leo Famulari
2016-06-06 2:41 ` Mike Gerwitz
2016-06-06 7:01 ` Ludovic Courtès
2016-07-22 8:22 ` Ludovic Courtès
2016-07-22 12:58 ` Thompson, David
2016-07-22 13:58 ` Ludovic Courtès
2017-10-24 23:30 ` Ludovic Courtès
2019-12-27 19:48 ` Ricardo Wurmus
2019-12-28 14:47 ` Ludovic Courtès
2019-12-28 16:05 ` Ricardo Wurmus
2019-12-28 17:45 ` Ludovic Courtès
2020-04-30 15:32 ` Ludovic Courtès
2020-05-01 15:46 ` Justus Winter
2020-05-01 16:50 ` Ludovic Courtès
2020-05-01 17:04 ` Ludovic Courtès
2020-05-19 20:23 ` Ludovic Courtès
2020-06-01 14:07 ` bug#22883: Channel introductions Ludovic Courtès
2020-06-02 23:45 ` zimoun
2020-06-03 9:50 ` Ludovic Courtès
2020-06-03 16:20 ` zimoun
2020-06-04 9:55 ` Ludovic Courtès
2020-05-01 17:20 ` bug#22883: Authenticating a Git checkout Ludovic Courtès
2020-05-02 22:02 ` Ludovic Courtès
2020-05-04 8:03 ` Ludovic Courtès
2016-06-01 16:47 ` bug#22883: Discussion of TUF in the context of Git checkout authentication Ludovic Courtès
2016-05-15 12:40 ` bug#22883: Trustable "guix pull" fluxboks
2016-05-16 17:55 ` Thompson, David
2016-05-17 21:19 ` Ludovic Courtès
2016-06-04 16:19 ` Werner Koch
2016-06-04 22:27 ` Ludovic Courtès
2016-06-05 7:51 ` Werner Koch
2016-06-06 21:01 ` Leo Famulari
2016-06-07 8:08 ` bug#22883: gpg2 vs. gpg Ludovic Courtès
2016-06-07 11:25 ` Werner Koch
2016-06-07 12:58 ` ng0
2016-06-05 1:43 ` bug#22883: Trustable "guix pull" Mike Gerwitz
2018-08-28 19:56 ` Vagrant Cascadian
2018-09-02 16:05 ` Ludovic Courtès
2018-09-02 17:15 ` Vagrant Cascadian
2018-09-02 20:07 ` Ludovic Courtès
2019-12-20 22:11 ` bug#22883: Authenticating Git checkouts: step #1 Ludovic Courtès
2019-12-20 22:11 ` Ludovic Courtès
2019-12-21 1:33 ` bug#22883: " zimoun
2019-12-21 1:33 ` zimoun
2019-12-27 12:58 ` bug#22883: " Ludovic Courtès
2019-12-27 12:58 ` Ludovic Courtès
2019-12-27 20:47 ` Ricardo Wurmus
2019-12-27 20:47 ` Ricardo Wurmus
2019-12-27 21:31 ` Alex Griffin
2019-12-30 21:23 ` Ludovic Courtès
2019-12-29 2:45 ` Vagrant Cascadian
2019-12-29 7:34 ` Efraim Flashner
2019-12-29 7:34 ` Efraim Flashner
2019-12-30 21:29 ` Ludovic Courtès
2019-12-30 21:29 ` Ludovic Courtès
2019-12-29 2:45 ` Vagrant Cascadian
2019-12-31 19:16 ` Jakub Kądziołka
2020-01-08 13:30 ` Ludovic Courtès
2020-06-02 13:49 ` bug#22883: Authenticating a Git checkout John Soo
2020-06-03 9:33 ` Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 1/9] git-authenticate: Cache takes a key parameter Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 2/9] git-authenticate: 'authenticate-commits' takes a #:keyring parameter Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 3/9] tests: Move OpenPGP helpers to (guix tests gnupg) Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 4/9] channels: 'latest-channel-instance' authenticates Git checkouts Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 5/9] channels: Make 'validate-pull' call right after clone/pull Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 6/9] .guix-channel: Add 'keyring-reference' Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 7/9] channels: Automatically add introduction for the official 'guix' channel Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 8/9] pull: Add '--disable-authentication' Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 9/9] DROP? channels: Add prehistorical authorizations to <channel-introduction> Ludovic Courtès
2020-06-08 22:04 ` bug#22883: [PATCH 1/9] git-authenticate: Cache takes a key parameter Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87h9ep8gxk.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=22883@debbugs.gnu.org \
--cc=cwebber@dustycloud.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.