Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-dev
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-dev@g.o
From: Dirkjan Ochtman <djc@g.o>
Subject: Re: Git braindump: 1 of N: merging & git signing
Date: Mon, 4 Jun 2012 16:26:58 +0200
On Mon, Jun 4, 2012 at 4:18 PM, Rich Freeman <rich0@g.o> wrote:
> How do you KNOW that the nearest signed descendant actually merged it?
>
> How do you know it wasn't added by a hacker?

Because then the signature for the nearest signed descendant wouldn't
check out (unless it got hacked before he signed it, of course, but in
that case hopefully he wouldn't sign it...).

> Also, when walking the tree keep in mind that there isn't just one
> path in it (with merge commits), and the links are from any particular
> HEAD going back.  I'm not convinced that this is impossible, but it
> isn't as trivial as it might seem at first glance.

Well, this only means there might potentially be multiple nearest
signed descendants, but I don't think that's a problem. Feel free to
shoot holes in it, but I think this checks out.

Of course, we'd have to make sure the tip of whatever is pushed is
always signed, but the hook for that should be trivial.

Cheers,

Dirkjan


Replies:
Re: Git braindump: 1 of N: merging & git signing
-- Rich Freeman
References:
Git braindump: 1 of N: merging & git signing
-- Robin H. Johnson
Re: Git braindump: 1 of N: merging & git signing
-- Andreas K. Huettel
Re: Git braindump: 1 of N: merging & git signing
-- Dirkjan Ochtman
Re: Git braindump: 1 of N: merging & git signing
-- Andreas K. Huettel
Re: Git braindump: 1 of N: merging & git signing
-- Dirkjan Ochtman
Re: Git braindump: 1 of N: merging & git signing
-- Rich Freeman
Re: Git braindump: 1 of N: merging & git signing
-- Dirkjan Ochtman
Re: Git braindump: 1 of N: merging & git signing
-- Rich Freeman
Re: Git braindump: 1 of N: merging & git signing
-- Dirkjan Ochtman
Re: Git braindump: 1 of N: merging & git signing
-- Rich Freeman
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Git braindump: 1 of N: merging & git signing
Next by thread:
Re: Git braindump: 1 of N: merging & git signing
Previous by date:
Re: [PATCH vcs-snapshot] Use ${WORKDIR}/${P} rather than ${S} to support ${S} overrides.
Next by date:
Re: Git braindump: 1 of N: merging & git signing


Updated Jun 29, 2012

Summary: Archive of the gentoo-dev mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.