From: Jonathan Wakely
Date: Mon, 22 Apr 2024 12:40:31 +0100
Subject: Re: Updated Sourceware infrastructure plans
To: Mark Wielaard
Cc: overseers@sourceware.org, gcc@gcc.gnu.org, binutils@sourceware.org, gdb@sourceware.org, libc-alpha@sourceware.org
In-Reply-To: <966c58391b4d74bdc5ea607c76a8ba9b2c21263a.camel@klomp.org>
References: <20240417232725.GC25080@gnu.wildebeest.org> <966c58391b4d74bdc5ea607c76a8ba9b2c21263a.camel@klomp.org>
On Mon, 22 Apr 2024 at 11:24, Mark Wielaard wrote:
>
> Hi Jonathan,
>
> On Fri, 2024-04-19 at 10:33 +0100, Jonathan Wakely wrote:
> > On Thu, 18 Apr 2024 at 00:28, Mark Wielaard wrote:
> > > We also encourage projects to use signed git commits where it makes
> > > sense. This can be done through the gitsigur process which supports
> > > hooks to only allow known (registered) signatures.
> > > https://inbox.sourceware.org/overseers/ZIz4NB%2FAqWpSNj5d@elastic.org/
> > > But can of course also be done in other ways. See this overview of how
> > > gitsigur, sigstore and b4 can provide a signed commit/release workflow:
> > > https://inbox.sourceware.org/overseers/ZJ3Tihvu6GbOb8%2FR@elastic.org/
> >
> > Would it be possible for gitsigur to support signing commits with ssh
> > keys as well as gpg? Git supports this, and it's much easier for
> > everybody than having to set up gpg.
> >
> > We already need an SSH key on sourceware.org to push to Git, so all
> > those public keys could be treated as trusted (via git config
> > gpg.ssh.allowedSignersFile). You could then sign your commits with the
> > same key that you use to push to sourceware.
>
> O, nice, I didn't even know about this, while it has been available for
> years: https://blog.dbrgn.ch/2021/11/16/git-ssh-signatures/

Yeah, I only learned about it recently, from:
https://fosdem.org/2024/schedule/event/fosdem-2024-3611-so-you-think-you-know-git/

>
> BTW. Note that the other way around is also possible, using your gpg
> key as ssh key using gpg-agent --enable-ssh-support. See e.g.
> https://gnu.wildebeest.org/blog/mjw/2019/02/17/new-pgp-key/
>
> > Does requiring using a second, different key to sign commits really
> > add any value? If somebody has compromised my ssh key and can push to
> > sourceware, are we hoping that they won't have compromised my gpg key
> > as well?
>
> I think it depends on the policy you use for signing commits.
> Personally I only sign commits that correspond to a particular release.
> But you can of course sign all commits with your ssh key at the same
> time (I don't know if they mix though).
>
> Cheers,
>
> Mark