Re: Git-commits mailing list feed.
From: Paul Jakma
Date: Sun Apr 24 2005 - 18:29:49 EST
On Sat, 23 Apr 2005, Linus Torvalds wrote:
NO.
Guys, I will say this once more: git will not look at the signature.
That means that we don't "strip them off", because dammit, they DO NOT
EXIST as far as git is concerned. This is why a tag-file will _always_
start with
commit <commit-sha1>
tag <tag-name>
because that way we can use fsck and validate reachability and have
things that want trees (or commits) take tag-files instead, and git
will automatically look up the associated tree/commit. And it will
do so _without_ having to understand about signing, since signing
is for trust between _people_ not for git.
And that is why I from the very beginning tried to make ti very
clear that the signature goes at the end. Not at the beginning, not
in the middle, and not in a different file. IT GOES AT THE END.
Actually, can you make the signature be detached and a seperate
object? Ie, add a signature object in its own right, distinct from
tag. They could then:
- be used to sign any kind of object
- allow objects to be signed by multiple people
Ideally, there'd be an index of signature objects by the SHA-1 sum of
the object they sign, as the signed object should not refer to the
signature (or the second of the above is not possible).
The latter of the two points would, in combination with the former,
allow for cryptographic 'signed-off-by' chains. If a 'commit' is
signed by $RANDOM_CONTRIBUTOR and $SUBSYSTEM_MAINTAINER and $ANDREW,
you know its time to pull it. Would also work for things like "fixes
only" trees, where (say) a change must be approved by X/2+1 of a
group of X hacker providing oversight -> looking up the commit
object's signatures would tell you whether it was approved.
No idea whether this is possible or practical. :) But it would be
good for future flexibility to avoid including the signature in the
object being signed.
regards,
--
Paul Jakma paul@xxxxxxxx paul@xxxxxxxxx Key ID: 64A2FF6A
Fortune:
You give me space to belong to myself yet without separating me
from your own life. May it all turn out to your happiness.
-- Goethe
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/