Gentoo Archives: gentoo-scm

From: "Robin H. Johnson" <robbat2@g.o>
To: gentoo-scm@l.g.o
Subject: Re: [gentoo-scm] gpg signing of commits, was: Progress summary, 2009/06/01
Date: Fri, 05 Jun 2009 18:55:00
In Reply to: [gentoo-scm] gpg signing of commits, was: Progress summary, 2009/06/01 by Robert Buchholz
On Fri, Jun 05, 2009 at 02:59:18PM +0200, Robert Buchholz wrote:
> On Tuesday 02 June 2009, Robin H. Johnson wrote: > > - Review commit signing > > - pclouds (a former Gentoo dev) contributed this prototype: > > > >118788 - I'm not entirely convinced the above is right, as the commit > > message seems to end up unsigned. > I was wondering why we need GPG signing of commits at all. I was > thinking about the following two arguments:
The commit signing I'm after is so that we can be absolutely certain who introduced a given commit to the tree (who committed, AND who pushed the merge/fast-forward), and have that information distributed inside the tree. This is related to the push logging issue, if you've seen the discussions on tracking who committed vs. who pushed.
> 0. Intro > git stores the SHA1 hashes of objects and one can check for errors in > the transmission or on the disk. This makes the (unsigned) Manifest > parts unnecessary. Commit signing is the equivalent of Manifest file > signing we have right now.
Yes, it's the replacement for the existing Manifest signing. The point of that is proof of origin from developer BACK to infra.
> 1. It's not needed for tree signing > The tree signing GLEP does not require signing of either commits or > Manifests. It relies on the main infra repository is not being > compromised.
That's the external distribution portion of tree signing: infra -> world It's unrelated to the problem at hand within Git.
> 2. It is not well designed (cryptographically) > OpenGPG allows the usage of a set of cryptographic hash function to sign > a document. This allows people to switch to a different function once > attacks against one algorithm become known. This has been recently seen > with SHA-1:
I only stated that we need to offer GPG signing of commits. I did NOT specify the content of commits, other than noting that the commit message and the content needs to be signed together.
> The git signing, however, relies on the collision resistance of SHA-1 as > that algorithm is used to identify objects in the repository. We cannot > migrate away from it easily. This has been discussed upstream at length > and Linus pointed out that 'the "signed tags" security does depend on > the hashes being cryptographically strong.': >
The collision is going to come along anyway. Resigning would have to be done regardless of what we sign in Git. Not sure if you followed more recent discussions than one in 2006. The entire Git foodchain will suffer when it comes time to migrate away from SHA-2. Presently discussions of it imply that it's to be done probably as a versioned change, after the NIST hash competition comes up with a viable answer. -- Robin Hugh Johnson Gentoo Linux Developer & Infra Guy E-Mail : robbat2@g.o GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85