From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <drepper@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	by sourceware.org (Postfix) with ESMTPS id 6EBEB3858292
	for <gcc@gcc.gnu.org>; Wed, 14 Sep 2022 12:07:50 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 6EBEB3858292
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1663157270;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=0LZvKpj3eyfRtXzYcXKIVXAc0mejp8xog2vB+6nwdhE=;
	b=RzR11tdgxOqsrdSxA0hIVgxslkIHEB8sZMvVcNvtwigWKBh2nGNviLlSomLyYN9GECl1V3
	tch1KI80gjBP5GklYsHZInWJJAsGen6DmX8t9CaNiKgrg2wH6PlRUsKsyTcRaGPkbzI+pv
	watEYUZJLI6iqNz1We386U9CFDt6WeQ=
Received: from mail-oa1-f70.google.com (mail-oa1-f70.google.com
 [209.85.160.70]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id
 us-mta-594-l2vP1wcOMGins3KIrGEThw-1; Wed, 14 Sep 2022 08:07:41 -0400
X-MC-Unique: l2vP1wcOMGins3KIrGEThw-1
Received: by mail-oa1-f70.google.com with SMTP id 586e51a60fabf-12777f2df6aso7101911fac.14
        for <gcc@gcc.gnu.org>; Wed, 14 Sep 2022 05:07:41 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date;
        bh=0LZvKpj3eyfRtXzYcXKIVXAc0mejp8xog2vB+6nwdhE=;
        b=f/OUWFHLiFsshFFk6/9v0bs3t+iZ4pO7RF+NkjEIaIjyPYUSejDhrDmQt5IKexezok
         RnsoGZ21pHecmZ4+xtPNcYUYNhixM3V9Q2NnuIc9jtBAqg3FXwJrQQ++uFgapLN4JgdI
         aw9g+JKgnq53N3LYixd8R0dlPALbmUx/hPTFpXSuWzx/CXGaCvyRsjBjykzB4rH2Vl8r
         YhCQNSrz0/s00hWK4vTsZXoQcpCU8teuJJ06XPnYRSEoG79RFrymswPqMFxaaDpJt36z
         L2V9mXVZOKS1+JAr0jfXUSeeysqhLxAIXn3lRfNYd6KF3X9C+5ojBuTh4obfhBN/G/b4
         f2Og==
X-Gm-Message-State: ACgBeo0CPlErxWpmI9tpwvaXnRdOhoaZ6svYNLwnEj1aLjvDWABj7f+C
	FHfTEpz/oNeJ2lGy8kf4Jp+teqcfCpjQY3mRNc4AJC4jhCVO1gp8077ELrkkrZcoaP+xjFJOA+z
	yroXYdZ0tmsSMwOVDLtJGPdo=
X-Received: by 2002:aca:190e:0:b0:34f:6cfb:b152 with SMTP id l14-20020aca190e000000b0034f6cfbb152mr1649177oii.270.1663157260818;
        Wed, 14 Sep 2022 05:07:40 -0700 (PDT)
X-Google-Smtp-Source: AA6agR5+3dE01hp15c//BpAzhejuIiqXJb0Q5IUXU2Ke4IoJhnzsUNiQL+IQg2Xd9+eeK92DGahIUTcquKS3cD3kJPM=
X-Received: by 2002:aca:190e:0:b0:34f:6cfb:b152 with SMTP id
 l14-20020aca190e000000b0034f6cfbb152mr1649166oii.270.1663157260610; Wed, 14
 Sep 2022 05:07:40 -0700 (PDT)
MIME-Version: 1.0
References: <CAP3s5k_KxtoHcEff7B=m9ew1w4YZZg6o4_1EhyjT0dc0_B9USA@mail.gmail.com>
 <CAFiYyc1r0JKh1VG_=YSuvzp2QWs+wsU_C6=4O79iwABOSxDx8Q@mail.gmail.com>
In-Reply-To: <CAFiYyc1r0JKh1VG_=YSuvzp2QWs+wsU_C6=4O79iwABOSxDx8Q@mail.gmail.com>
From: Ulrich Drepper <drepper@redhat.com>
Date: Wed, 14 Sep 2022 14:07:29 +0200
Message-ID: <CAP3s5k9H5f68r96HyMb5Pk1-_5sCX42Cu1vjqCXMQQSmOeycpA@mail.gmail.com>
Subject: Re: commit signing
To: Richard Biener <richard.guenther@gmail.com>
Cc: Ulrich Drepper via Gcc <gcc@gcc.gnu.org>
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: multipart/alternative; boundary="000000000000b9859e05e8a1f9e2"
X-Spam-Status: No, score=-4.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_HELO_NONE,SPF_NONE,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <gcc.gcc.gnu.org>

--000000000000b9859e05e8a1f9e2
Content-Type: text/plain; charset="UTF-8"

On Wed, Sep 14, 2022 at 1:31 PM Richard Biener <richard.guenther@gmail.com>
wrote:

> How does this improve supply chain security if the signing happens
> automagically rather than manually at points somebody actually
> did extra verification?


It works only automatically if you have ssh-agent (and/or gpg-agent)
running.  I assume that's what developers do anyway because that's how they
like push changes to sourceware.  If you don't have an agent you'll have to
provide the signature of the signing key at the time of the commit.


What's the extra space requirement if every commit is signed?  I suspect
> the signatures themselves do not compress well.
>

The signatures are probably implemented as signed hashes of some sort.  So,
perhaps an additional SHA256 block plus infrastructure to determine the key
used etc.  I doubt that this is really measurable with today's disks and
servers and network connections.

--000000000000b9859e05e8a1f9e2--