From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=ydxh=L2=klomp.org=mark@sourceware.org>
Received: from gnu.wildebeest.org (gnu.wildebeest.org [45.83.234.184])
	by sourceware.org (Postfix) with ESMTPS id B1C723858D28;
	Sun, 21 Apr 2024 15:30:53 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org B1C723858D28
Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=klomp.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=klomp.org
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org B1C723858D28
Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=45.83.234.184
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1713713455; cv=none;
	b=tE5nJuzzb6VxIQ2sPyF9Lpq4n+V9oBpvNwDpMTkMV6/DI6tKYUn7+6FIth0XuOvDVQQ5jAtlzDAdKv+m6ei8DI0Or4JPTCajJcY8VG6MTIIA5Paf92E2WvkniolthGhtq90xlyR/96lZ4wGqWaaqbo7vVWjVm4l+jLI0TXayiwM=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1713713455; c=relaxed/simple;
	bh=Y5RmTkwFs+WTobWNYopzU5CAJtdaHMdGIS6OHwmarzg=;
	h=Date:From:To:Subject:Message-ID:MIME-Version; b=aObqvUBL4QMWGEPRONLTTBxRrwDsrrZ+x3OfL7ArNEp9Q6ujUCqhdAm/CqmEx3gZX1NCyP3/iLP4b/Q/CQ7ezlWB4V7ecDmP4EXMj1zADSOXg8z6bWLknH/AoUgyl64C85Y3dRF2eYVVYDm743qCwo0gYpE5XWdPsYImzPaRlOQ=
ARC-Authentication-Results: i=1; server2.sourceware.org
Received: by gnu.wildebeest.org (Postfix, from userid 1000)
	id A555F3000587; Sun, 21 Apr 2024 17:30:52 +0200 (CEST)
Date: Sun, 21 Apr 2024 17:30:52 +0200
From: Mark Wielaard <mark@klomp.org>
To: Alejandro Colomar <alx@kernel.org>
Cc: Joel Sherrill <joel@rtems.org>, Florian Weimer <fweimer@redhat.com>,
	Guinevere Larsen via Overseers <overseers@sourceware.org>,
	Sandra Loosemore <sloosemore@baylibre.com>,
	Guinevere Larsen <blarsen@redhat.com>, GCC <gcc@gcc.gnu.org>,
	binutils <binutils@sourceware.org>,
	Eli Zaretskii via Gdb <gdb@sourceware.org>,
	libc-alpha@sourceware.org
Subject: Re: Sourceware mitigating and preventing the next xz-backdoor
Message-ID: <20240421153052.GA29957@gnu.wildebeest.org>
References: <20240329203909.GS9427@gnu.wildebeest.org>
 <20240401150617.GF19478@gnu.wildebeest.org>
 <fc3d8fe6-bfec-474d-a9ed-895067654603@baylibre.com>
 <077b9dd5-0df1-4384-a9d1-58e4283caf09@redhat.com>
 <87il0ykgw5.fsf@oldenburg.str.redhat.com>
 <CAF9ehCVOBkcckhQVimfgCQBh7=EE9f_7y-7+YoWicCp=CjHUqA@mail.gmail.com>
 <Zha-uHu9f3DKEOOo@debian>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Zha-uHu9f3DKEOOo@debian>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,JMQ_SPF_NEUTRAL,KAM_DMARC_STATUS,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <overseers.sourceware.org>

Hi Alejandro,

On Wed, Apr 10, 2024 at 06:30:42PM +0200, Alejandro Colomar wrote:
> It would also be interesting to require showing range-diffs between
> patch revisions.  They make it much more difficult to introduce a
> vulnerability after a reviewer has turned its mins into approving the
> patch.  Of course, the patch could go in if the submitter lies in the
> range-diff and the vuln is undetected, but then it can be verified a
> posteriory to prove that there was a lie.

Could you give an example of using git range-diff? How do you go from
v1 of a patch (series) to a v2? Normally when asked for changes to a
patch (series) I do an git rebase -i (on the local branch I used to
develop the feature/bug fix) and split/commit all requested changes
and then sent the new patches with git send-email again. But I guess
to use/combine that with git range-diffs I should start creating new
local branches for each patch (series) in development?

Thanks,

Mark