From owner-freebsd-current@freebsd.org Wed Dec 23 02:32:53 2020 Return-Path: Delivered-To: freebsd-current@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3FA264CFB2F for ; Wed, 23 Dec 2020 02:32:53 +0000 (UTC) (envelope-from jmg@gold.funkthat.com) Received: from gold.funkthat.com (gate2.funkthat.com [208.87.223.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "gate2.funkthat.com", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4D0y101KNVz3jV0; Wed, 23 Dec 2020 02:32:51 +0000 (UTC) (envelope-from jmg@gold.funkthat.com) Received: from gold.funkthat.com (localhost [127.0.0.1]) by gold.funkthat.com (8.15.2/8.15.2) with ESMTPS id 0BN2WiCt041720 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 22 Dec 2020 18:32:44 -0800 (PST) (envelope-from jmg@gold.funkthat.com) Received: (from jmg@localhost) by gold.funkthat.com (8.15.2/8.15.2/Submit) id 0BN2WhCK041718; Tue, 22 Dec 2020 18:32:43 -0800 (PST) (envelope-from jmg) Date: Tue, 22 Dec 2020 18:32:43 -0800 From: John-Mark Gurney To: Brooks Davis , Thomas Mueller , freebsd-current@freebsd.org Subject: Re: HEADS UP: FreeBSD src repo transitioning to git this weekend Message-ID: <20201223023242.GG31099@funkthat.com> Mail-Followup-To: Brooks Davis , Thomas Mueller , freebsd-current@freebsd.org References: <31ab8015-a0c4-af77-0ead-a17da0f88f1d@freebsd.org> <5fdc0b90.1c69fb81.866eb.8c29SMTPIN_ADDED_MISSING@mx.google.com> <20201218175241.GA72552@spindle.one-eyed-alien.net> <20201218182820.1P0tK%steffen@sdaoden.eu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20201218182820.1P0tK%steffen@sdaoden.eu> X-Operating-System: FreeBSD 11.3-STABLE amd64 X-PGP-Fingerprint: D87A 235F FB71 1F3F 55B7 ED9B D5FF 5A51 C0AC 3D65 X-Files: The truth is out there X-URL: https://www.funkthat.com/ X-Resume: https://www.funkthat.com/~jmg/resume.html X-TipJar: bitcoin:13Qmb6AeTgQecazTWph4XasEsP7nGRbAPE X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? User-Agent: Mutt/1.6.1 (2016-04-27) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (gold.funkthat.com [127.0.0.1]); Tue, 22 Dec 2020 18:32:44 -0800 (PST) X-Rspamd-Queue-Id: 4D0y101KNVz3jV0 X-Spamd-Bar: - X-Spamd-Result: default: False [-1.80 / 15.00]; RCVD_TLS_ALL(0.00)[]; ARC_NA(0.00)[]; FREEFALL_USER(0.00)[jmg]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[funkthat.com]; RBL_DBL_DONT_QUERY_IPS(0.00)[208.87.223.18:from]; AUTH_NA(1.00)[]; SPAMHAUS_ZRD(0.00)[208.87.223.18:from:127.0.2.255]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_SPF_NA(0.00)[no SPF record]; FREEMAIL_TO(0.00)[freebsd.org,twc.com]; FORGED_SENDER(0.30)[jmg@funkthat.com,jmg@gold.funkthat.com]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:32354, ipnet:208.87.216.0/21, country:US]; FROM_NEQ_ENVFROM(0.00)[jmg@funkthat.com,jmg@gold.funkthat.com]; MAILMAN_DEST(0.00)[freebsd-current]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Dec 2020 02:32:53 -0000 Steffen Nurpmeso wrote this message on Fri, Dec 18, 2020 at 19:28 +0100: > Brooks Davis wrote in > <20201218175241.GA72552@spindle.one-eyed-alien.net>: > |On Thu, Dec 17, 2020 at 05:53:20PM -0800, Thomas Mueller wrote: > |>>> I hope we don't have to start signing all commits. saltstack/salt has > |>>> that policy, and it's extremely annoying. > |> > |>> Have to? Not currently. As with all process changes, there will be > |>> community discussion around the different points. > |> > |>> Warner > |> > |> I hope not! > |> > |> Signatures, at least in email messages, are just an annoyance as \ > |> I see them. > |> > |> I don't even know how do sign an email message or make use of a signatur\ > |> e in a message I receive. > |> > |> I have never made a commit to a repository, so would not be familiar \ > |> with signatures there; imagine it would be a barrier. > | > |Signed commits have no practicl effect on users of a repo. > > Well you can verify integrity of a repository regardless of how it > was distributed, this is why it is done, right. > > #?0$ git log --oneline --show-signature -1 v14.9.20.ar > 16a21755 (...) > gpg: Signature made Sun 13 Dec 2020 12:43:44 AM CET > gpg: using RSA key DF082F6AEEC8C2FF > gpg: Good signature from "Steffen Nurpmeso " > Bump S-nail v14.9.20.ar ("Sombre Tit (Trauermeise)"), 2020-12-12 > > #?0$ git tag -v v14.9.20.ar; echo $? > object 16a21755fd1fade2b15fdb78a592f12169c3453f > type commit > tag v14.9.20.ar > tagger Steffen Nurpmeso 1607816624 +0100 > > Bump S-nail v14.9.20.ar ("Sombre Tit (Trauermeise)"), 2020-12-12 > gpg: Signature made Sun 13 Dec 2020 12:43:44 AM CET > gpg: using RSA key DF082F6AEEC8C2FF > gpg: Good signature from "Steffen Nurpmeso " > 0 TL;DR I don't see any reason for devs to sign commits. I could see use for RE (or another entity) to occasionally (weekly?) sign the repo (say COPYRIGHT or UPDATING), and it would be nice for them to sign all the tags used for releases, but having every dev would both make the dev's life difficult... It's also hard to collect ALL the keys of the devs at any point in time to decide if that key is authorized to sign a commit in the repo... Like if a dev starts in 2021, any commits made by that dev prior to 2021 should not be "valid".. Then there's also the issue that people's keys change over time, and now you need to know what time period each key was valid for, otherwise a compromised key could be used to insert malicious changes into your/the tree... Then there's also the point that the repo is (looks like it) using SHA-1 hashes, which are effectively broken, so depending upon them to validate the tree is questionable anyways. -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."