From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id UIOSISZ7bmSUlQAASxT56A (envelope-from ) for ; Wed, 24 May 2023 23:01:26 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id 0IS3ICZ7bmTUUQAAG6o9tA (envelope-from ) for ; Wed, 24 May 2023 23:01:26 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 53F873672A for ; Wed, 24 May 2023 23:01:26 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1q1vbY-0005Dl-E8; Wed, 24 May 2023 17:01:08 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q1vbI-0005AW-4l for guix-devel@gnu.org; Wed, 24 May 2023 17:00:52 -0400 Received: from cascadia.aikidev.net ([2600:3c01:e000:267:0:a171:de7:c]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q1vbE-0007Hb-MX for guix-devel@gnu.org; Wed, 24 May 2023 17:00:50 -0400 Received: from localhost (unknown [IPv6:2600:3c01:e000:21:7:77:0:50]) (Authenticated sender: vagrant@cascadia.debian.net) by cascadia.aikidev.net (Postfix) with ESMTPSA id BD7891AD27; Wed, 24 May 2023 14:00:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=debian.org; s=1.vagrant.user; t=1684962039; bh=S4KjyoL02ciKsLNJNv17E3IgIKi0xtRLvO8NQQPF7kE=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=jMod818IWYwKSmWTCIYnjqSbcS8KsaWm7Jhe7v6vTuYvlObNYOuaABO77QlSr+c4L wrvl9FNzY3/uz2cr5SAniAZhvcp7W3MNrXbEXY1R9FWwbUrwx6oirX2FggYiGt2wRP 3sFvgwlnabD69swYK2YtH279mEoPAFj4XBWl2y+KM3OPjGqsSBqoGtSw1R+cfZkn7B LWQLeIFtbRF3x7qCuJDPf7032FdwzCE6h2zcyY9jNxlNMrY0u2GzcJSVeUbtgfH31C tjeVGBWk1jPRW2vtmUAU93pwOZwx90R+2fFnGJIji+EaWMehwAsH07k3dSMmi1CLdu 0CHoPAC7K8upQ== From: Vagrant Cascadian To: Simon Tournier , Josselin Poiret , Maxim Cournoyer , Leo Famulari Cc: guix-devel@gnu.org Subject: Re: Should commit signing always be required for local work? [was Re: bug#63261: Recent changes to git config cause errors for non-committers] In-Reply-To: <871qjcz3yi.fsf@gmail.com> References: <874jospdr2.fsf@psyduck.jhoto.kublai.com> <87y1m024rx.fsf@gmail.com> <875y8tww86.fsf@gmail.com> <87pm6xknq0.fsf@gmail.com> <877ct4r7f8.fsf@jpoiret.xyz> <871qjcz3yi.fsf@gmail.com> Date: Wed, 24 May 2023 14:00:36 -0700 Message-ID: <87v8ghh2bv.fsf@wireframe> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: none client-ip=2600:3c01:e000:267:0:a171:de7:c; envelope-from=vagrant@debian.org; helo=cascadia.aikidev.net X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Seal: i=1; s=key1; d=yhetil.org; t=1684962086; a=rsa-sha256; cv=none; b=Y3wqxxxj89R7Zx1QcRyVNro6odyVGDJ/pZFISIPE8QpYBYCFBiWsQpj8wOu4a1r1QlYkuv Alq81DDy1BEz5o+6Xe6kSsXn5HafBPtARottN2GGtvuF4Syu6IqQqKx2qzXpHG628HOZXA RLVMCTR3aBsFNEnhVGmfC3S/N8mCYOlgu+k4mPURCo/rj+6QfQAqjx+EEZEkbbjjF6sQNj DTXz+y3xWe0MyNWGMjOGMLboa1zMeS+tBJYSyAxBbffQFWkQNvIAE6qKZeB/oVhBUokjZm JCAcSJQL3m/D9iyI1+Cwxp9z5xo9NFdlTg6XgZqntIs7a68WIVI1V6gOUHFyfQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=debian.org header.s=1.vagrant.user header.b=jMod818I; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1684962086; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=37fiCT9I2kIs/CpUmyuzYdJ8e3SIxWhcp9FqKf8Ge1w=; b=h07r92x76dFHnxHOxeGHH4kQR41eNqY7muQylGXXuaDsOfWHw0BfZXI9PjLW27eYjaEfur Nxpc301LJBFs4ZTKQFzEpoxnVhLB4j02/s61x59CZ916akHUgqz3vArNcLuf/znMJJ3UrU D9HvAcJsP8jNZnRIXpVMmTHigEIn8bEOgpXjCdiuKeM7VIt9mrOeNyGJruhfc27YYxBVWL oLB/rXpFOHjJ2/l7i/tavj/wFzacHg3vVdzkL4XXiVgnJZrrXUBfFwT5aQ5lQrNwo4RR89 X3YF0MlfgqOPsaVVW6qb10/8o70IoqhBuHH1zQwW5C/6xKXseRR7SmmrM/wLQQ== X-Migadu-Scanner: scn1.migadu.com Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=debian.org header.s=1.vagrant.user header.b=jMod818I; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -6.59 X-Spam-Score: -6.59 X-Migadu-Queue-Id: 53F873672A X-TUID: SDtmv2MVJ3+l --=-=-= Content-Type: text/plain On 2023-05-19, Simon Tournier wrote: > On ven., 19 mai 2023 at 11:34, Josselin Poiret wrote: >> I'm curious Leo, in general (not Guix because we have a pre-push hook), >> how do you make sure you always publish signed commits? I don't want to >> put unsigned commits anywhere except locally, but it feels like I might >> just forget to sign them before pushing. > > Well, I am not Leo. :-) Maybe I misunderstand your question but usually > my file ~/.gitconfig contains my default; say always sign. Then > locally, for some project [1], I set other options with the local file > .git/config of the repository. > > And for the ones I do not want to sign locally but I will push signed, I > have pre-push hooks. Note, in practise, I do not have such > configuration. :-) This is basically a show-stopper for me working on guix right now. I intentionally do not have access to my openpgp key on Guix System machines. This completely breaks my workflow. Neither changing ~/.gitconfig not .git/config in the working repository seems to work around this. I think the case can be made that not requiring signatures will actually prevent unintentional changes from getting pushed to the archive, as the server-side hooks will prevent unsigned changes from landing in the repository... this is why I prefer to leave my local work-in-progress changes unsigned. I only sign things I am confident I might want to push. Please revert ASAP. live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCZG569AAKCRDcUY/If5cW qsOhAQD+Y/liNiyjuIdfjoEMq3Y52p1QajqPVRl6UL0MbkeYYwD/VwxbLBDqo7xD C1jq0XP97XU3QFtAPDXMh53SWtSPfAs= =uMVO -----END PGP SIGNATURE----- --=-=-=--