Re: Rebasing commits and re-signing before mergeing (Was: ‘core-updates’ is gone; long live ‘core-packages-team’!)

[Leo Famulari <leo@famulari.name>]

On Fri, Sep 06, 2024 at 01:29:11PM -0700, Vagrant Cascadian wrote:
> > In Guix, the "signed-off-by" tag gives credit to the reviewer of the
> > patch, but doesn't indicate anything about authority to push to
> > guix.git.
> 
> That sounds more like a Reviewed-by tag.
> 
> from doc/contributing.texi:
> 
>   When pushing a commit on behalf of somebody else, please add a
>   @code{Signed-off-by} line at the end of the commit log message---e.g.,
>   with @command{git am --signoff}.  This improves tracking of who did
>   what.

We used the signed-off-by tag for years before we started signing
commits, so in Guix it has also indicated the person who performed the
primary review of the patch / commit.

> My understanding of what properly signed commits tell me, at least in
> the context of Guix, is that the person who has signed a given commit
> has made reasonable efforts to ensure the code works, is freely
> licensed, and is not malicious, etc.

I see. That's a misconception. The commit signature can only be used as
a code-signing authorization tool, to control access to the
authoritative copy of the codebase and, transitively, to control access
to users' computers.

The project leadership does aim to only authorize people they believe
will make the efforts you describe above.

But in Guix, the requirement to make those efforts is only enforced
socially.

There are no mechanisms to ensure that the build is not broken on the
master branch, etc.