| 1 |
On Fri, Jul 03, 2015 at 12:24:42PM -0400, NP-Hardass wrote: |
| 2 |
> -----BEGIN PGP SIGNED MESSAGE----- |
| 3 |
> Hash: SHA256 |
| 4 |
> |
| 5 |
> On Fri, 3 Jul 2015 11:19:13 -0500 |
| 6 |
> William Hubbs <williamh@g.o> wrote: |
| 7 |
> |
| 8 |
> > On Fri, Jul 03, 2015 at 06:34:41AM +0000, Robin H. Johnson wrote: |
| 9 |
> > > On Thu, Jul 02, 2015 at 09:46:18PM -0400, Brian Evans wrote: |
| 10 |
> > > > Does this mean that |
| 11 |
> > > > https://wiki.gentoo.org/wiki/Gentoo_git_workflow is no longer |
| 12 |
> > > > draft or needs work or another document is meant to display the |
| 13 |
> > > > new flow? |
| 14 |
> > > It does cover most of the things needed. |
| 15 |
> > > |
| 16 |
> > > It could use some revision regarding gkeys, and I'd like to also |
| 17 |
> > > mandate signed pushes in addition to signed commits. |
| 18 |
> > |
| 19 |
> > A push doesn't create any data, it just uploads it to the repo, so how |
| 20 |
> > do you sign a push? |
| 21 |
> > |
| 22 |
> > William |
| 23 |
> > |
| 24 |
> |
| 25 |
> Repoman may need to be adjusted. Git commit has support for a "-S" |
| 26 |
> flag which signs the commit. |
| 27 |
|
| 28 |
No that is different. There are two signing things involved here. |
| 29 |
1) git commit -S. ie sign the commit in the tree, and git log will show |
| 30 |
that signature later. |
| 31 |
|
| 32 |
2) git push -S, this is signing the push itself. The client will sign |
| 33 |
everything that it pushes to the server. Then the server can verify that |
| 34 |
it was pushed by a dev (which is different from the commit since a dev |
| 35 |
might be pushing a commit that was made by a user). The server will save |
| 36 |
this push certificate so that it can also be verified later on. |
| 37 |
|
| 38 |
We'll want to have both of these on. It may require some repoman changes |
| 39 |
but should not be that much. |
| 40 |
|
| 41 |
-- Jason |
Archives