Re: [git patches] libata updates, GPG signed (but see admin notes)
|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
On Wed, 2 Nov 2011, Junio C Hamano wrote:
Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> writes:I hate how anonymous our branches are. Sure, we can use good names for them, but it was a mistake to think we should describe the repository (for gitweb), rather than the branch. Ok, "hate" is a strong word. I don't "hate" it. I don't even think it's a major design issue. But I do think that it would have been nicer if we had had some branch description model. ... Maybe just verifying the email message (with the suggested kind of change to "git request-pull") is actually the right approach. And what I should do is to just wrap my "git pull" in some script that I can just cut-and-paste the gpg-signed thing into, and which just does the "gpg --verify" on it, and then does the "git pull" after that. Because in many ways, "git request-pull" is when you do want to sign stuff. A developer might well want to push out his stuff for some random internal testing (linux-next, for example), and then only later decide "Ok, it was all good, now I want to make it 'official' and ask Linus to pull it", and sign it at *that* time, rather than when actually pushing it out.You keep saying cut-and-paste, but do you mind feeding the e-mail text itself to a tool, instead of cut-and-paste?
think webmail (i.e. gmail), to feed the e-mail itself to a tool you either need to cut-n-paste the entire e-mail or you have to first save the mail to a text file. both of which are significantly harder than doing a cut-n-past of a portion of the message.
The reason I am wondering about this is because in another topic (also in 'next') cooking there is an extended support for topic description for the branch that states what the purpose of the topic is why the requestor wants you to have it (this information can be set and updated with "git branch --edit-description"). A respond-to-request-pull wrapper you would use could be: - Get the e-mail from the standard input; - Pick up the signed bits and validate the signature; - Perform the requested fetch; and - Record the merge (or prepare .git/MERGE_MSG) with both the signed bits. and the "signed bits" could include: - the repository and the branch you were expected to pull; - the topic description. among other things the requestor can edit when request-pull message is prepared. That would get us back to your "the lieutenant tip is not so special, but the merge commit the integrator makes using that tip has the signature for this particular pull" model. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
-- To unsubscribe from this list: send the line "unsubscribe linux-ide" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html