public inbox for overseers@sourceware.org
From: Jonathan Wakely <jwakely.gcc@gmail.com>
To: Mark Wielaard <mark@klomp.org>
Cc: overseers@sourceware.org, gcc@gcc.gnu.org,
	binutils@sourceware.org,  gdb@sourceware.org,
	libc-alpha@sourceware.org
Subject: Re: Updated Sourceware infrastructure plans
Date: Fri, 19 Apr 2024 10:33:44 +0100
Message-ID: <CAH6eHdSnMtHOdb2WCqR83Km5b_EmuM1Ni12oMjsXU_1u9GA7Nw@mail.gmail.com>
In-Reply-To: <20240417232725.GC25080@gnu.wildebeest.org>

On Thu, 18 Apr 2024 at 00:28, Mark Wielaard wrote:
> We also encourage projects to use signed git commits where it makes
> sense. This can be done through the gitsigur process which supports
> hooks to only allow known (registered) signatures.
> https://inbox.sourceware.org/overseers/ZIz4NB%2FAqWpSNj5d@elastic.org/
> But can of course also be done in other ways. See this overview of how
> gitsigur, sigstore and b4 can provide a signed commit/release workflow:
> https://inbox.sourceware.org/overseers/ZJ3Tihvu6GbOb8%2FR@elastic.org/

Would it be possible for gitsigur to support signing commits with ssh
keys as well as gpg? Git supports this, and it's much easier for
everybody than having to set up gpg.

We already need an SSH key on sourceware.org to push to Git, so all
those public keys could be treated as trusted (via git config
gpg.ssh.allowedSignersFile). You could then sign your commits with the
same key that you use to push to sourceware.

Does requiring using a second, different key to sign commits really
add any value? If somebody has compromised my ssh key and can push to
sourceware, are we hoping that they won't have compromised my gpg key
as well?

I'm already signing my GCC commits that way, without needing to use
gpg or gitsigur:

commit 7c2a9dbcc2c1cb1563774068c59d5e09edc59f06 [r14-10008-g7c2a9dbcc2c1cb]
Good "git" signature for jwakely@redhat.com with RSA key
SHA256:8rFaYhDWn09c3vjsYIg2JE9aSpcxzTnCqajoKevrUUo
Author: Jonathan Wakely <jwakely@redhat.com>
Date:   Thu Mar 21 23:09:14 2024
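
The setup proposed in this message, as an added example that is not part of the original mail and is not gitsigur or sourceware configuration: an allowed-signers entry is derived from a public key the server already holds for pushing, and a commit signed with that key is verified against it. The address dev@example.org, the file names and the demo key are constructed; Git 2.34 or later and OpenSSH's ssh-keygen are assumed.

```shell
#!/bin/sh
# Added example; the address, paths and key below are constructed.

# Convert one authorized_keys-style line into an allowed_signers line for
# the given principal. Login options in front of the key type are dropped
# and the key is limited to the "git" signature namespace.
to_allowed_signer() {
    principal=$1 keyline=$2
    printf '%s\n' "$keyline" | awk -v p="$principal" '
        { for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(ed25519|rsa)|ecdsa-sha2-nistp(256|384|521)|sk-.*@openssh\.com)$/) {
                printf "%s namespaces=\"git\" %s %s\n", p, $i, $(i + 1)
                found = 1; exit
            } }
        END { if (!found) exit 1 }'   # no key type found: reject the line
}

# End-to-end run in a scratch directory: sign with the "push" key, then
# verify against an allowed_signers file built from its public half.
demo() (
    set -e
    dir=$(mktemp -d); cd "$dir"
    ssh-keygen -q -t ed25519 -N '' -C 'constructed demo key' -f push_key
    to_allowed_signer dev@example.org "$(cat push_key.pub)" > allowed_signers
    git init -q repo; cd repo
    git config user.name 'Demo Dev'
    git config user.email dev@example.org
    git config gpg.format ssh                      # sign with SSH, not gpg
    git config user.signingkey "$dir/push_key"     # the key used to push
    git config gpg.ssh.allowedSignersFile "$dir/allowed_signers"
    git commit -q -S --allow-empty -m 'signed with the push key'
    git verify-commit HEAD    # reports the principal matched for this key
)

# Run "sh example.sh demo" for the end-to-end check.
if [ "${1:-}" = demo ]; then demo; fi
```
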
