Date:   Tue, 30 Aug 2016 10:07:49 -0700
From:   Joe Perches <joe@...ches.com>
To:     Junio C Hamano <gitster@...ox.com>
Cc:     git <git@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>
Subject: Re: git am and duplicate signatures

(adding lkml)

On Tue, 2016-08-30 at 09:54 -0700, Junio C Hamano wrote:
> Joe Perches <joe@...ches.com> writes:
> > git-am -s will avoid duplicating the last signature
> > in a patch.
> > 
> > But given a developer creates a patch, sends it around for
> > acks/other signoffs, collects signatures and then does
> > a git am -s on a different branch, this sort of sign-off
> > chain is possible:
> > 
> > 	Signed-off-by: Original Developer <od@...ain.com>
> > 	Acked-by: Random Developer <rd@...ain.com>
> > 	Signed-off-by: Original Developer <od@...ain.com>
> Both correct and allowing the earlier one duplicated as long as
> there is somebody/something else in between is deliberate.

linux-kernel has a script (scripts/checkpatch.pl) that
looks for duplicate signatures (<foo>-by: [name] <address>)

Should the last Signed-off-by: in the commit log be
excluded from this check?

> > Should there be an option to avoid duplicate signatures
> > in a sequence where an author can git-am the same patch?
> I dunno.  The way "Signed-off-by" is handled is designed
> specifically to support the meaning of that footer, namely to record
> where it originated and whose hands it passed, used in the kernel
> and Git land.  Other projects certainly may have need for footers
> that denote different things that want different semantics (e.g. Who
> authored it and who cheered on it), but that is outside the scope of
> the "Signed-off-by" supported by "am -s" and "commit -s".
> 
> Support for more generic footers was supposed to come when the
> "interpret-trailers" topic started, but the author of the topic
> seems to have lost interest before the mechanism has become ready to
> be integrated in the workflow commands like "am", "commit", "rebase"
> etc., which is unfortunate.
> 
> > 
> > sequencer.c:append_signoff() has a flag for APPEND_SIGNOFF_DEDUP
> Yes, I think this is one of the warts we talked about getting rid of
> but haven't got around to it.  It is there because "format-patch -s"
> was incorrectly written to dedup Signed-off-by: from anywhere in its
> early implementation and to keep the same behaviour.  We should drop
> that flag from append_signoff() function.
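
The two policies discussed in this thread, as an added example that is not part of the original message and is not code from git or checkpatch.pl: appending a sign-off unless the last signature is already identical, versus skipping it when it appears anywhere, alongside a duplicate-signature check that can optionally exempt the last entry. The function names, the `dedup_anywhere` and `ignore_last` parameters, the exact-match comparison and the example.com addresses are assumptions made for illustration.

```python
import re

# Signature shape as described in the message: "<foo>-by: [name] <address>"
SIG_RE = re.compile(r"^\s*([A-Za-z-]+-by):\s*(.+?)\s*<([^>]+)>\s*$")

# Constructed commit log mirroring the chain in the thread (placeholder addresses).
SAMPLE = (
    "subsys: fix thing\n\nBody text.\n\n"
    "Signed-off-by: Original Developer <od@example.com>\n"
    "Acked-by: Random Developer <rd@example.com>\n"
)

def parse_signatures(message):
    """Return (tag, name, address) for every signature line, in log order."""
    sigs = []
    for line in message.splitlines():
        m = SIG_RE.match(line)
        if m:
            sigs.append((m.group(1).lower(), m.group(2), m.group(3).lower()))
    return sigs

def append_signoff(message, name, address, dedup_anywhere=False):
    """Model of the two append policies (hypothetical helper).

    Default: skip only when the LAST signature is already this sign-off.
    dedup_anywhere=True: skip when this sign-off appears anywhere in the log.
    """
    new = ("signed-off-by", name, address.lower())
    sigs = parse_signatures(message)
    present = new in sigs if dedup_anywhere else bool(sigs) and sigs[-1] == new
    if present:
        return message
    return message.rstrip("\n") + f"\nSigned-off-by: {name} <{address}>\n"

def duplicate_signatures(message, ignore_last=False):
    """Report signatures already seen earlier in the log.

    ignore_last=True models exempting the final signature from the check.
    """
    sigs = parse_signatures(message)
    seen, dups = set(), []
    for i, sig in enumerate(sigs):
        if sig in seen and not (ignore_last and i == len(sigs) - 1):
            dups.append(sig)
        seen.add(sig)
    return dups

if __name__ == "__main__":
    log = append_signoff(SAMPLE, "Original Developer", "od@example.com")
    print(log)
    print("duplicates:", duplicate_signatures(log))
    print("duplicates, last exempt:", duplicate_signatures(log, ignore_last=True))
```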
