| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7v4nyoq0o2.fsf@alter.siamese.dyndns.org>
Date: Mon, 31 Oct 2011 15:03:09 -0700
From: Junio C Hamano <gitster@...ox.com>
To: Ingo Molnar <mingo@...e.hu>
Cc: git@...r.kernel.org,
Linus Torvalds <torvalds@...ux-foundation.org>,
James Bottomley <James.Bottomley@...senpartnership.com>,
Jeff Garzik <jeff@...zik.org>,
Andrew Morton <akpm@...ux-foundation.org>,
linux-ide@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>
Subject: Re: [git patches] libata updates, GPG signed (but see admin notes)
Ingo Molnar <mingo@...e.hu> writes:
> * Linus Torvalds <torvalds@...ux-foundation.org> wrote:
>
>> That said, even the "BEGIN PGP SIGNED MESSAGE" things are a massive
>> pain in the butt. We need to automate this some sane way, both for
>> the sender and for the recipient.
>
> The most practical form would be if Git supported such oneliner pull
> requests:
>
> git pull git://foo.com bar.branch \
> --pull-sha1 0acf00014bcfd71090c3b0d43c98e970108064e4 \
> --gpg-by: "Ingo Molnar <mingo@...nel.org>" \
> --gpg-sig: 8a6f134afd1d212fe21345
>
> maintainers could just paste them into a shell and it would abort if
> it's not trusted. The maintainer verifies the visible, 'Ingo Molnar'
> bit. The 8a6f134afd1d212fe21345 is a signed-by-Ingo-Molnar version of
> this content:
>
> git://foo.com bar.branch 0acf00014bcfd71090c3b0d43c98e970108064e4
As a command line syntax, I think the new "--flag"s should all come
before non flag options to the "pull" subcommand, i.e.
git pull --sha1 0acf00014bcfd71090c3b0d43c98e970108064e4 \
--gpg-by "Ingo Molnar <mingo@...nel.org>" \
git://foo.com bar.branch
I do not understand what you meant by that "8a6f13...". When I run
$ echo "git://foo.com bar.branch 0acf00014bcfd71090c3b0d43c98e970108064e4" |
gpg -sa
I would get about 20 lines of solid gibberish, nothing close to that
clean and concise 20-or-so character sequence.
In any case, I do not think that "this site, that branch" information is
essential for the purpose of validation. I think I saw Linus responding to
a pull request saying "Your pull request says master but I found nothing
there; I assume you meant for-linus branch" or something similar, and as
long as that matches the expectation of the contributor, especially if you
specify "I want you to get _this_ commit" in your request-pull message, it
should not matter how/where Linus gets the history leading to that commit.
As "git-pull" is still a scripted Porcelain, interested people should be
able to experiment this idea by doing something like this:
1. The requestor signs the tip commit to be fetched with the version of
git from the "next" branch, i.e. "git commit -S", and pushes it to his
publishing location;
2. Around line 207, "git pull" spawns "git fetch", stops if dry-run. At
that point, you can:
- parse FETCH_HEAD and verify the SHA-1 matches what you got from the
command line;
- run "git show -s --show-signature FETCH_HEAD" (again, use the
version of git from the "next" branch) to let GPG parse the
signature.
and stop if either test fails.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists