From: Eric Wong <e@80x24.org>
To: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Cc: "Philip Oakley" <philipoakley@iee.org>,
"Duy Nguyen" <pclouds@gmail.com>, "Jeff King" <peff@peff.net>,
"Stefan Beller" <sbeller@google.com>,
meta@public-inbox.org, git@vger.kernel.org,
"Jakub Narębski" <jnareb@gmail.com>,
"Arif Khokar" <arif_khokar@hotmail.com>
Subject: Re: Working with public-inbox.org [Was: [PATCH] rev-parse: respect core.hooksPath in --git-path]
Date: Wed, 24 Aug 2016 19:16:51 +0000 [thread overview]
Message-ID: <20160824191651.GC8578@whir> (raw)
In-Reply-To: <alpine.DEB.2.20.1608241459360.4924@virtualbox>
Johannes Schindelin <Johannes.Schindelin@gmx.de> wrote:
> On Mon, 22 Aug 2016, Philip Oakley wrote:
> > I do note that dscho's patches now have the extra footer (below the three
> > dashes) e.g.
> >
> > Published-As: https://github.com/dscho/git/releases/tag/cat-file-filters-v1
> > Fetch-It-Via: git fetch https://github.com/dscho/git cat-file-filters-v1
> >
> > If say I used that, and sent my patch series via Outlook Express (<sigh>),
> > with it's white space damage, would those footers help once the content has
> > been reviewed (rather than white spacing style) in the applying the patch?
>
> I considered recommending this as some way to improve the review process.
> The problem, of course, is that it is very easy to craft an email with an
> innocuous patch and then push some malicious patch to the linked
> repository.
Perhaps an automated checker of some sort packaged with git
would help.
(And perhaps combinable with the downloader Arif proposed)
> Now, with somebody like me who would lose a lot when destroying trust, it
> is highly unlikely. But it is possible that in between the hundreds of
> sincere contributors a bad apple tries to sneak in bad stuff.
Yes, I would never mix reviews + patch applications of emails vs
git-fetched data. Having a sender providing both is good; but
the recipient needs to pick one or the other to use exclusively
for that series.
Either look exclusively at what is fetched and respond to that;
or look exclusively at emails and ignore data from git fetch.
However, ensuring the emails and the contents of the git fetch
could be done optionally to ensure there's no tampering or
accidents for other reviewers.
> Therefore, if we were to support a Git-driven contribution process that
> *also* sends mail, that mail needs to be generated by a trusted source, to
> ensure that the content of the mail is identical to the original Git
> commits.
For decentralized systems, independent reproducibilility is
needed. Rather than trusting one source, I'd rather have some
sort of downloading + checking tool which checks multiple
mirrors (git protocols and NNTP). That would allow users to
independently verify the veracity of what they got emailed vs
what is fetched.
next prev parent reply other threads:[~2016-08-24 19:16 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-16 16:55 Working with public-inbox.org [Was: [PATCH] rev-parse: respect core.hooksPath in --git-path] Stefan Beller
2016-08-16 17:10 ` Junio C Hamano
2016-08-16 17:20 ` Jeff King
2016-08-16 17:54 ` Junio C Hamano
2016-08-16 17:22 ` Stefan Beller
2016-08-16 17:47 ` Junio C Hamano
2016-08-16 20:44 ` Eric Wong
2016-08-16 20:56 ` Eric Wong
2016-08-18 12:42 ` Johannes Schindelin
2016-08-18 20:49 ` Eric Wong
2016-08-18 21:41 ` Junio C Hamano
2016-08-19 15:18 ` Johannes Schindelin
2016-08-19 15:30 ` Johannes Schindelin
2016-08-19 16:55 ` Stefan Beller
2016-08-19 22:35 ` Eric Wong
2016-08-22 13:38 ` Johannes Schindelin
2016-08-22 19:21 ` Jeff King
2016-08-19 22:35 ` Eric Wong
2016-08-22 13:18 ` Johannes Schindelin
2016-08-22 18:05 ` Jakub Narębski
2016-08-25 13:21 ` Johannes Schindelin
2016-08-28 18:23 ` Jakub Narębski
2016-08-29 10:46 ` Johannes Schindelin
2016-08-22 22:55 ` Eric Wong
2016-08-25 12:58 ` Johannes Schindelin
2016-08-27 22:38 ` Jakub Narębski
2016-08-28 8:36 ` Working with public-inbox.org Johannes Schindelin
2016-08-28 11:41 ` Jakub Narębski
2016-08-29 5:35 ` Johannes Schindelin
2016-08-19 15:03 ` Working with public-inbox.org [Was: [PATCH] rev-parse: respect core.hooksPath in --git-path] Jeff King
2016-08-20 19:57 ` Jakub Narębski
2016-08-23 4:47 ` Arif Khokar
2016-08-24 15:34 ` Johannes Schindelin
2016-08-24 18:49 ` Eric Wong
2016-08-24 19:12 ` Jeff King
2016-08-24 19:27 ` Eric Wong
2016-08-25 3:40 ` Arif Khokar
2016-08-25 2:41 ` Arif Khokar
2017-02-10 16:10 ` Johannes Schindelin
2017-02-13 5:52 ` Arif Khokar
2017-02-13 14:37 ` Johannes Schindelin
2017-02-14 3:56 ` Arif Khokar
2017-02-14 3:59 ` Arif Khokar
2017-02-14 7:13 ` Eric Wong
2017-02-13 19:21 ` Junio C Hamano
2017-02-14 3:55 ` Arif Khokar
2017-02-14 4:41 ` Junio C Hamano
2017-02-14 5:09 ` Arif Khokar
2017-02-14 5:14 ` Jeff King
2016-08-22 13:06 ` Johannes Schindelin
2016-08-22 13:15 ` Duy Nguyen
2016-08-22 20:38 ` Philip Oakley
2016-08-24 13:04 ` Johannes Schindelin
2016-08-24 19:16 ` Eric Wong [this message]
2016-08-25 13:08 ` Johannes Schindelin
2016-08-25 3:57 ` Arif Khokar
2016-08-25 13:01 ` Johannes Schindelin
2016-08-25 23:14 ` Arif Khokar
2016-08-26 8:08 ` Johannes Schindelin
2016-08-27 22:26 ` Jakub Narębski
2016-08-28 8:38 ` Johannes Schindelin
2016-08-28 13:45 ` Announcing Git User's Survey 2016 [was: Working with public-inbox.org] Jakub Narębski
2016-09-09 13:06 ` Johannes Schindelin
2016-09-09 18:51 ` Jakub Narębski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://public-inbox.org/README
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160824191651.GC8578@whir \
--to=e@80x24.org \
--cc=Johannes.Schindelin@gmx.de \
--cc=arif_khokar@hotmail.com \
--cc=git@vger.kernel.org \
--cc=jnareb@gmail.com \
--cc=meta@public-inbox.org \
--cc=pclouds@gmail.com \
--cc=peff@peff.net \
--cc=philipoakley@iee.org \
--cc=sbeller@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/public-inbox.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).