Thread (13 messages) 13 messages, 8 authors, 2016-06-15

Re: [Survey] Signed push

From: Sam Vilain <hidden>
Date: 2016-06-15 22:52:02

On 9/13/11 5:39 PM, Shawn Pearce wrote:
quoted
 If the push certificate also has the previous commit IDs for the changed
 refs, then you actually have an audit log.  Otherwise, it does not certify
 the commit range they pushed.
Is that necessary? The range they are certifying is that commit, and
its entire ancestry. If the pusher doesn't trust his ancestry, why is
he working with it? Similar to an annotated tag. I make a signed
annotated tag, I am asserting that revision and its ancestry is
something I like as far as a project build goes. You don't need the
old revision to realize I like this commit.
Perhaps because they didn't notice what happened.  Someone else pushed 
to the server without a signed push somehow, and then they pulled, 
pushed ... and now as far as you know, those commits are certified like 
any other.  Having this extra information, not much information, will 
help figure out what happens in this sort of situation.
quoted
This is an important prerequisite for a fully distributed, peer to peer git.
  For this case it would also need something to distinguish which repository
is to be updated; such as a canonical repository URL (or list of URLs), or
just a short project name.  A P2P protocol can then know projects as (KEYID,
projectname).
Why do we need a project name? Most Git based projects are uniquely
identified by the set of root commits they have. Why? Because most
root commits were created by different people, at different times,
with different commit messages, and different initial trees, resulting
in a unique commit SHA-1 for that root commit. Projects with more than
one root commit also disambiguate themselves from other projects that
maybe contain one of those roots (e.g. git.git vs. gitk).

If you wanted to identify a project on a P2P network, I think you
would want to do it based off the root commits, not some random name
people came up with and might try to publish forgeries under.
Yes, this is true, but it also makes it a lot harder to figure out if 
two projects are from the same real project, or whether they just shared 
some history.  In general, git repositories are partitioned by URL or 
project, and so this makes a soft case for a distributed system to 
partition itself by URL or project also.

Sam
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help