Gentoo Archives: gentoo-dev

From: Rich Freeman <rich0@g.o>
To: "Michał Górny" <mgorny@g.o>
Cc: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Git braindump: 1 of N: merging & git signing
Date: Tue, 05 Jun 2012 14:16:36
In Reply to: Re: [gentoo-dev] Git braindump: 1 of N: merging & git signing by "Michał Górny"
On Tue, Jun 5, 2012 at 2:50 AM, Michał Górny <mgorny@g.o> wrote:
> On Mon, 4 Jun 2012 16:57:42 -0400 > Rich Freeman <rich0@g.o> wrote: > >> If you go back and look at the tree you see a bunch of signed and >> unsigned commits.  How do you easily detect how the unsigned ones got >> there (via a dev with a merge commit, or via other means)? > > Well, that's not a very good solution but the server-side hooks could > also verify the tree state before applying new commits.
The obvious problem with this is that it makes the git server a single point of failure - if it is compromised the hooks will not help. Hooks should nevertheless be there to eliminate mistakes. Note that in no way are any of these git flaws any worse than the status quo. I just want to avoid any false sense of security. I think these are flaws that are worth fixing, and I think that was why many have labored to get the signing enabled in git in the first place. My suggestion is to keep working on this, but it shouldn't be considered a blocker for adoption, since these are not new security flaws, and if anything despite its holes git is an improvement. Rich