Re: [git patches] libata updates, GPG signed (but see admin notes)

From: Jeff Garzik
Date: Mon Oct 31 2011 - 19:55:12 EST

Next message: Steve French: "Re: [RFC PATCH] freezer: revert 27920651fe "PM / Freezer: Makefake_signal_wake_up() wake TASK_KILLABLE tasks too""
Previous message: Tejun Heo: "Re: [RFC PATCH] freezer: revert 27920651fe "PM / Freezer: Makefake_signal_wake_up() wake TASK_KILLABLE tasks too""
In reply to: Linus Torvalds: "Re: [git patches] libata updates, GPG signed (but see admin notes)"
Next in thread: H. Peter Anvin: "Re: [git patches] libata updates, GPG signed (but see admin notes)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/31/2011 06:44 PM, Junio C Hamano wrote:

"H. Peter Anvin"<hpa@xxxxxxxxx> writes:

On 10/31/2011 03:30 PM, Linus Torvalds wrote:

But if you do the normal "git pull git://git.kernel.org/name/of/repo"
- which is how things happen as a result of a pull request - you won't
get tags at all - you have to ask for them by name or use "--tags" to
get them all.

Didn't realize that... I guess I'm too used to named remotes.

If so, just using a tag should be fine, no?

So nobody is worried about this (quoting from my earlier message)?

On the other hand, the consumers of "Linus kernel" may want to say that
they trust your tree and your tags because they can verify them with your
GPG signature, but also they can independently verify the lieutenants'
trees you pulled from are genuine.

A signed emphemeral tag is usable as means to verify authenticity in a
hop-by-hop fashion, but that does not leave a permanent trail that can be
used for auditing.

The main worry is Linus ($human_who_pulls) gets cryptographically-verified data at the time he pulls. Once Linus republishes his tree (git push), there will be few, if any, wanting to verify Jeff Garzik's signature.

So no, I don't see that as a _driving_ need in the kernel's case.

And IMO the kernel will be a mix of signed and unsigned content for a while, possibly forever.

And Linus wrote:

[ Example gpg-signed small block that the attached patch adds to the
pull request: ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Commit be3fa9125e708348c7baf04ebe9507a72a9d1800
from git.kernel.org/pub/git
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)

iQEcBAEBAgAGBQJOrsILAAoJEHm+PkMAQRiGxZcH/31e0RrBitXUPKxHJajD58yh
SIEe/7i6E2RUSFva3KybEuFslcR8p8DYzDQTPLejStvnkO8v0lXu9s9R53tvjLMF
aaQXLOgrOC2RqvzP4F27O972h32YpLBkwIdWQGAhYcUOdKYDZ9RfgEgtdJwSYuL+
oJ7TjLrtkcILaFmr9nYZC+0Fh7z+84R8kR53v0iBHJQOFfssuMjUWCoj9aEY12t+
pywXuVk2FsuYvhniCAcyU6Y1K9aXaf6w5iOY2hx/ysXtUBnv92F7lcathxQkvgjO
fA7/TXEcummOv5KQFc9vckd5Z1gN2ync5jhfnmlT2uiobE6mNdCbOVlCOpsKQkU=
=l5PG
-----END PGP SIGNATURE-----

This is my preference for kernel pull requests at the moment. That has one advantage over Junio's "git pull --require-signature" and signed commits, notably, the URL is signed.

But in general signed commits would be nice, too. pull-generated merge requests would need to be signed, potentially introducing an additional interactive step (GPG passphrase request) into an automated process.

Jeff

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Steve French: "Re: [RFC PATCH] freezer: revert 27920651fe "PM / Freezer: Makefake_signal_wake_up() wake TASK_KILLABLE tasks too""
Previous message: Tejun Heo: "Re: [RFC PATCH] freezer: revert 27920651fe "PM / Freezer: Makefake_signal_wake_up() wake TASK_KILLABLE tasks too""
In reply to: Linus Torvalds: "Re: [git patches] libata updates, GPG signed (but see admin notes)"
Next in thread: H. Peter Anvin: "Re: [git patches] libata updates, GPG signed (but see admin notes)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]