Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
And the prohibition against HTTP makes no sense to me at all.
Public Git hosting
Posted Oct 25, 2011 16:31 UTC (Tue) by dlang (✭ supporter ✭, #313)
if someone is requesting a pull from a place that is known to have done user verification this isn't an issue.
note that this is not saying that you have to have an account on one of these trusted places to participate in kernel development. it's just the final layer (the lieutenants and maintainers sending their pull requests to Linus) that is has this requirement. This is so that Linus can trust the source he is pulling from, at the lower levels the patches are supposed to be validated more directly so there is less need for trust.
Posted Oct 25, 2011 19:38 UTC (Tue) by corbet (editor, #1)
About http, that's purely a performance thing. The git:// protocol is far more bandwidth-efficient than the git-over-http protocol.
Posted Oct 25, 2011 20:13 UTC (Tue) by obrakmann (subscriber, #38108)
Posted Oct 25, 2011 21:09 UTC (Tue) by dlang (✭ supporter ✭, #313)
Posted Oct 26, 2011 0:46 UTC (Wed) by neilbrown (subscriber, #359)
All you really need to sign is the email requesting the 'pull' and make sure the hash of the commit is in that email and easy for Linus to either use directly or check.
Unfortunately I cannot ask Linus to
git pull git://myhost/path hash-tag-goes-here
because git doesn't want a hash-tag, it wants a refspec.
However if git-pull were changed to accept that, and git-request-pull were changed to output exactly the right 'git pull' command, then Linus could just verify the signature on the email (which I hope is email client is up to!) and use the command that is in it. Then it doesn't matter how secure the hosting provider is - if the pull succeeds, it can be trusted as much as the person who signed the email.
So yes: a little bit cumbersome, but not much.
Public Git hosting - pull request in signed email
Posted Oct 28, 2011 20:19 UTC (Fri) by giraffedata (subscriber, #1954)
All you really need to sign is the email requesting the 'pull' and ...
Isn't that (verifying that email signature) the part Linus says is too cumbersome?
I haven't personally ever known anyone to verify an email signature, and I'm pretty sure my email reader (Emacs Rmail) can't do it, so I don't know what's involved.
Posted Oct 28, 2011 21:16 UTC (Fri) by neilbrown (subscriber, #359)
The mail reader I use (clawsmail) verifies email signatures quite nicely, and will even fetch keys for me. I don't think it warns me when someone changes keys which is something I would like.
Even emacs/vm can check mail signing...
I assumed that the bits that were too cumbersome were the signing and verification built in to git-tag.
Posted Nov 3, 2011 1:06 UTC (Thu) by slashdot (guest, #22014)
As far as I can tell, most mail clients support GPG and will tell you whether an e-mail is signed by a trusted key.
If using a custom mail client, it should be very easy to invoke GPG appropriately to do that check.
Posted Oct 25, 2011 21:12 UTC (Tue) by jimparis (subscriber, #38647)
Surely the smart HTTP transport is fine?
Posted Oct 25, 2011 21:14 UTC (Tue) by corbet (editor, #1)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds