From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS8560 212.227.0.0/16 X-Spam-Status: No, score=-4.2 required=3.0 tests=AWL,BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H2,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.0 Received: from mout.gmx.net (mout.gmx.net [212.227.17.22]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id 551DF1F6C1; Fri, 26 Aug 2016 08:08:49 +0000 (UTC) Received: from virtualbox ([37.24.141.250]) by mail.gmx.com (mrgmx101) with ESMTPSA (Nemesis) id 0LeiJ8-1amkzc2aTu-00qSyu; Fri, 26 Aug 2016 10:08:26 +0200 Date: Fri, 26 Aug 2016 10:08:24 +0200 (CEST) From: Johannes Schindelin X-X-Sender: virtualbox@virtualbox To: Arif Khokar cc: Philip Oakley , Duy Nguyen , Jeff King , Stefan Beller , "meta@public-inbox.org" , "git@vger.kernel.org" , Eric Wong , =?UTF-8?Q?Jakub_Nar=C4=99bski?= Subject: Re: Working with public-inbox.org [Was: [PATCH] rev-parse: respect core.hooksPath in --git-path] In-Reply-To: Message-ID: References: <20160819150340.725bejnps6474u2e@sigill.intra.peff.net> User-Agent: Alpine 2.20 (DEB 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Provags-ID: V03:K0:wly90vgJJTQA5TGdvidYtdhVLwYOn1mUMdkkcQ787SH9rXi6VZG cfFAVX2iZiS9rvLB04tFkck3Vj1rLDaHRLolEdOCyxJ4hO0d0HEBn+xKFYYzXSwGRzg3rWK xSxnd5qejqsnl/T4yTJlZNryK0tDALOJlwTxYxh5tv+JT3mjptuS0p5XnNiYs1G6f/6QKD8 Pqk3fwBEdMzYexkjVmXjA== X-UI-Out-Filterresults: notjunk:1;V01:K0:Bx+cYqdxwF8=:iGt+EsO6PWsKpFwRVkC3xR S6iNrkO9XsZziv1tGA1z0aMuFb96TRcCnRIBEEUlpRNFTXNKhjMhT1uvBLBtMGCZOIpBunQBT z7bLyXJxVHD1ev+jL5P3Ggl2VuVsoagIwE2k5KqLrehkwV/kFxFwpxF1IUzNZmK8VK5ImdVUG 2mjZ50aNYDSgNkzIeQ4iFV4Z+aDGAftB1fJ/c8QrpDK1UZYuKIJc2Y0KsRlSZ60vLhhDMjXBs B9c4kZUKY/yMNEpmKcnt/waZYrk35UN3NQnx9gA+ZmDZBBHZxa+YODscROUUaNUwRVCzhp67+ eGroLiGa9DxTOyIlCoChUXb6E2qFkOwuJkL0QTxzJA8mzhY0XUZ1Knyp5T0Zy1ggW476tjcLM 2e+d01QRNyPgp9hsUWHZL2hcGbX1hIIA8QoMG7v159URd8ylr+aUMRPLj+UeijVxgBxZI0YX8 5/+dl7sXxg7pQ7pxt35Hp62l0YlmzEzhvSbdtQUjO4r9pnr4uX+8CTE24x2U+1TA2VYCR+YVe JYqq5BnFInF9RDl15auhjUosao2f4rfCpoqfc8MfXUV3UW45MjnPkM8BppNw0OvheuTSqgSK9 jXhQ1Iaq1H55axJnBGdMwbrG3tk3jMrRboDWOc2MJQfd9Fr471q+0qTBWTCbRVp+iTrdmw/uZ rpOBebQFzyVdFsq+VboNyO+WyA+jcVIPPMryvJalNe+UldI+YmHTviccrPTUR36hUDQ/N+esj 66AX4rJwcQZ56OH0VTrbfT/fEOGp2G4Mj0142lfC4mK4hRMjkU/xGzniXQNZCK6x4pEgnJ73J ATpHcNe List-Id: Hi Arif, On Thu, 25 Aug 2016, Arif Khokar wrote: > On 08/25/2016 09:01 AM, Johannes Schindelin wrote: > > > > On Thu, 25 Aug 2016, Arif Khokar wrote: > > >>> I considered recommending this as some way to improve the review > >>> process. The problem, of course, is that it is very easy to craft > >>> an email with an innocuous patch and then push some malicious patch > >>> to the linked repository. > >> > >> It should be possible to verify the SHA1 of the blob before and after > >> the patch is applied given the values listed near the beginning of > >> the git diff output. > > > > There is no guarantee that the SHA-1 has not been tampered with. > > I was implying that the resulting SHA1 of the blob after the malicious > patch was applied would differ compared to the resulting blob after > applying the innocuous patch. Even if you alter the SHA1 value within > the patch itself, it doesn't change the SHA1 of the result (unless > you're able to get a hash collision). > > But, if you want to guarantee that the SHA1 hasn't been tampered in the > email, you could sign it with your private GPG key and others could > verify the signature with your public key (assuming the web-of-trust > applies). Given that I try to convince my fellow core Git developers to adopt an *easier* patch submission process, that wastes less of contributors' time, I would be strongly opposed to requiring a web of trust and GPG signatures just to be able to submit patches to git.git. Ciao, Johannes