public inbox for overseers@sourceware.org
From: "Frank Ch. Eigler" <fche@redhat.com>
To: Overseers mailing list <overseers@sourceware.org>
Cc: Mark Wielaard <mark@klomp.org>,
	"Frank Ch. Eigler" <fche@elastic.org>,
	Morten Linderud <morten@linderud.pw>, Sam James <sam@gentoo.org>
Subject: Re: gitsigur for protecting git repo integrity
Date: Mon, 19 Jun 2023 16:20:01 -0400	[thread overview]
Message-ID: <20230619202001.GD5772@redhat.com> (raw)
In-Reply-To: <20230618230319.GI24233@gnu.wildebeest.org>

Hi -

> I like the general idea of (optionally) signing commits. And having an
> associated store of known keys.

Righto.

> As long as there are also unsigned or unknown signed commits it makes
> sense to also introduce some kind of transparency log so people can
> check commits came in through a (ssh authenticated) receive-pack (and
> were not the result of direct manipulation of a repo on the server).

Manipulation on the server could not result in creation or editing of
signed commits, since the server (by design) does not hold any crypto
credentials.  That's one of the benefits of habitually signing git
content.

> I don't think enforcing mode will be very popular on normal
> development branches. But I can see it being something you might want
> for release branches. [...]

Who knows, maybe.  Given that releases come from development branches,
and given that signing your commits is rather lightweight, eventually
enough people could get used to it and to the assurances to just
toggle the switch for important branches.

But the script is configurable.  Any project can:

- direct their sigur hook to a key repo of their choice, or a shared one

- have multiple active sigur hooks, configured differently, so as to
  enforce distinct policies for different branches


> [...]
> Does it make sense for there to be a mode that requires (just) tags to
> be signed?

I suspect that wouldn't need to be a mode, just another configuration

     sigur --checkref='ref/tags/*' --mode=enforcing [...]


- FChE

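The hook behaviour discussed above (a server-side check that accepts or rejects a push depending on whether each pushed commit or tag carries a signature from a key in a chosen key store, with an enforcing or permissive mode and a ref pattern selecting which refs the policy covers), written out as an added example. This is not gitsigur's own code: the variable names SIGUR_MODE, SIGUR_CHECKREF and SIGUR_KEYRING_DIR, the function names, and the exact semantics of the modes are assumptions made for this illustration. The only real tools it relies on are git rev-list, git cat-file, git verify-commit and git verify-tag, with GNUPGHOME pointed at a keyring that holds public keys only, so the server never has signing material.

```shell
#!/bin/sh
# Added example of a pre-receive hook enforcing commit/tag signatures.
# Not gitsigur's code; names below are assumptions for this illustration.
#
# Policy knobs (hypothetical):
#   SIGUR_MODE        enforcing | permissive   (permissive only warns)
#   SIGUR_CHECKREF    shell glob naming the refs the policy applies to
#   SIGUR_KEYRING_DIR GNUPGHOME holding ONLY the project's trusted public keys
SIGUR_MODE="${SIGUR_MODE:-permissive}"
SIGUR_CHECKREF="${SIGUR_CHECKREF:-refs/heads/*}"
SIGUR_KEYRING_DIR="${SIGUR_KEYRING_DIR:-/etc/sigur/keys}"
ZERO=0000000000000000000000000000000000000000

# Does refname ($1) match the configured glob ($2)?  The shell's own case
# pattern matching is enough; the pattern is expanded unquoted on purpose.
sigur_ref_matches() {
    case "$1" in
        $2) return 0 ;;
        *)  return 1 ;;
    esac
}

# Policy decision, kept free of git so it can be tested on its own.
#   $1 mode, $2 refname, $3 ref pattern,
#   $4 verification result: 0 = good signature from a key in the keyring,
#                           1 = unsigned, bad signature, or unknown key.
# Returns 0 to accept the update and 1 to reject it.
sigur_decide() {
    mode=$1 ref=$2 pattern=$3 verified=$4
    sigur_ref_matches "$ref" "$pattern" || return 0   # ref not under policy
    [ "$verified" -eq 0 ] && return 0
    [ "$mode" = enforcing ] && return 1
    return 0                                            # permissive: warn only
}

# Verify one object against the dedicated keyring.  Both git commands exit
# non-zero for unsigned objects, bad signatures, and signatures from keys
# that are not in GNUPGHOME, which is exactly the "unknown signed" case.
sigur_verify_object() {
    case "$(git cat-file -t "$1")" in
        tag)    GNUPGHOME="$SIGUR_KEYRING_DIR" git verify-tag    "$1" >/dev/null 2>&1 ;;
        commit) GNUPGHOME="$SIGUR_KEYRING_DIR" git verify-commit "$1" >/dev/null 2>&1 ;;
        *)      return 1 ;;
    esac
}

# pre-receive protocol: one "oldrev newrev refname" line per updated ref on
# stdin; a non-zero exit rejects the whole push.
sigur_hook() {
    status=0
    while read -r oldrev newrev refname; do
        sigur_ref_matches "$refname" "$SIGUR_CHECKREF" || continue
        [ "$newrev" = "$ZERO" ] && continue            # ref deletion: nothing to verify
        if [ "$oldrev" = "$ZERO" ]; then
            range="$newrev --not --all"                 # new ref: only objects not already present
        else
            range="$oldrev..$newrev"
        fi
        objs=$(git rev-list $range)
        # An annotated tag push carries the tag object itself; check it too.
        [ "$(git cat-file -t "$newrev")" = tag ] && objs="$newrev $objs"
        for o in $objs; do
            if sigur_verify_object "$o"; then v=0; else v=1; fi
            if ! sigur_decide "$SIGUR_MODE" "$refname" "$SIGUR_CHECKREF" "$v"; then
                echo "sigur: rejecting $refname: $o has no valid signature from a known key" >&2
                status=1
            elif [ "$v" -ne 0 ]; then
                echo "sigur: warning: $refname: $o is not signed by a known key" >&2
            fi
        done
    done
    return $status
}

# Only run the hook loop when installed as a git hook, not when sourced.
case "$0" in *pre-receive) sigur_hook; exit $? ;; esac
```

Two practical notes. The tags-only configuration from the reply above corresponds to SIGUR_CHECKREF='refs/tags/*' with SIGUR_MODE=enforcing, and a second copy of the hook with a different environment gives a second policy for other refs. Also, a key merely present in SIGUR_KEYRING_DIR counts as known here; if you want GnuPG ownertrust to matter as well, set git's gpg.minTrustLevel in the server repository's config, otherwise curate the keyring so that presence alone means trusted.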


Thread overview: 11+ messages
2023-06-17  0:03 Frank Ch. Eigler
2023-06-18 23:03 ` Mark Wielaard
2023-06-19 20:20   ` Frank Ch. Eigler [this message]
2023-06-29 18:55 ` Frank Ch. Eigler
2023-07-04  8:32   ` Mark Wielaard
2023-07-05 18:25     ` Mark Wielaard
2023-07-05 20:01       ` Frank Ch. Eigler
2023-07-10 21:35         ` Ludovic Courtès
2023-07-10 22:05           ` Frank Ch. Eigler
2023-07-14 13:18             ` Ludovic Courtès
2023-07-14 14:00               ` Frank Ch. Eigler
