bug-guix

bug#22883: Trustable "guix pull"


From: Ludovic Courtès
Subject: bug#22883: Trustable "guix pull"
Date: Tue, 26 Apr 2016 00:25:11 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

Hello!

Christopher Allan Webber <address@hidden> skribis:

> On top of that, even if you run from git proper what there isn't a test
> about is: can you trust those latest commits?  Git doesn't really check,
> at least by default.
>
>   https://mikegerwitz.com/papers/git-horror-story
>
> How about this: anyone with commit access should use "signed off by" and
> gpg signatures combined.  We should keep some list of guix committers'
> gpg keys.  No commit should be pushed to guix without a gpg signature.
> At this point, at least, there is some possibility of auditing things.

To make progress on this front, I’ve decided to start signing all my
commits, so:

--8<---------------cut here---------------start------------->8---
$ git config commit.gpgsign
true
$ git config --global user.signingkey
090B11993D9AEBB5
--8<---------------cut here---------------end--------------->8---

I invite everyone to do the same.  Hopefully, within a few weeks, we can
add a commit hook to reject unsigned commits.

Note that we’ll be signing patches we push on behalf of contributors who
do not have commit access (reviewer’s responsibility).

Also, rebasing, amending, and cherry-picking code signed by someone else
would lose the original signature, which isn’t great and should be
avoided, if possible.

What remains to be seen, among other things, is how we’ll maintain a
keyring of the committers, and how we’ll distribute it to users of ‘guix
pull’; the TUF spec has clever ideas about it, but we need to see how
they map to our setup.

Thoughts?

Ludo’.

Attachment: signature.asc
Description: PGP signature
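
A commit hook of the kind the message above proposes, written here as an added example; it is not part of the original message and not Guix's own hook. The `ALLOWED_KEYS` path, the function names, and the one-key-ID-per-line list format are assumptions; the sample key ID used to exercise it is the one shown in the message.

```shell
#!/bin/sh
# Added example (not Guix's hook): pre-receive check rejecting unsigned commits.
# Assumptions: ALLOWED_KEYS (hypothetical path) holds one signing-key ID per
# line, as printed by git's %GK, and the hook user's GnuPG keyring already
# contains the committers' public keys.
ALLOWED_KEYS="${ALLOWED_KEYS:-/path/to/committers.keys}"

# stdin: "<sha> <status> <keyid>" lines from git log --format='%H %G? %GK'.
# Prints one line per rejected commit; returns 1 if any was rejected.
check_signatures() {
    allowed_file=$1
    rc=0
    while read -r sha status key; do
        [ -n "$sha" ] || continue
        case $status in
            G|U)  # signature verifies; U = GnuPG has no trust level for the key
                if [ -z "$key" ] || ! grep -qxF -- "$key" "$allowed_file"; then
                    echo "rejected $sha: key ${key:-?} not in committer list"
                    rc=1
                fi ;;
            N) echo "rejected $sha: unsigned"; rc=1 ;;
            *) echo "rejected $sha: signature status $status"; rc=1 ;;  # B, E, X, Y, R
        esac
    done
    return $rc
}

# pre-receive gets "<old> <new> <ref>" per updated ref on stdin.
main() {
    rc=0
    while read -r old new ref; do
        case $new in *[!0]*) ;; *) continue ;; esac      # ref deletion
        case $old in
            *[!0]*) range="$old..$new" ;;                # existing ref
            *)      range="$new --not --all" ;;          # new ref: only new commits
        esac
        # $range is intentionally unquoted so it splits into arguments.
        git log --format='%H %G? %GK' $range \
            | check_signatures "$ALLOWED_KEYS" >&2 || rc=1
    done
    return $rc
}

# Run only when installed as hooks/pre-receive, so the file can also be sourced.
case ${0##*/} in
    pre-receive) main; exit $? ;;
esac
```

Checking the key ID against an explicit list, rather than relying on the signature status alone, is what ties a valid signature to a known committer; a commit rebased or amended by someone else arrives with that person's signature or none, which matches the caveat in the message.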

