From: Santiago Torres <santiago@nyu.edu>
To: Jonathan Nieder <jrnieder@gmail.com>
Cc: Colin Walters <walters@verbum.org>,
Stefan Beller <sbeller@google.com>, git <git@vger.kernel.org>
Subject: Re: upstreaming https://github.com/cgwalters/git-evtag ?
Date: Wed, 10 Jan 2018 11:38:57 -0500 [thread overview]
Message-ID: <20180110163856.5uy4lbon322ey3ns@LykOS.localdomain> (raw)
In-Reply-To: <20180109203849.GA30468@aiede.svl.corp.google.com>
[-- Attachment #1: Type: text/plain, Size: 1598 bytes --]
> > push for hash-agnosticity. I don't know if git-evtag is hash agnostic,
> > but if it is not, then we have two transition plans to think about.
>
> I don't think there's even a question here: Git has to transition off
> of SHA-1.
>
> In that context, Stefan's comment is a welcome one: once we've
> transitioned off of SHA-1, having a separate evtag feature would make
> git more complicated without any benefit to match. To put it another
> way, the gpgsig-sha256 field described in
> Documentation/technical/hash-function-transition.txt provides
> essentially the same functionality as an evtag. What's missing is an
> implementation of it.
>
> I'm happy to help in any way I can (reviews, advice, etc).
Same here, although I'm a bit swamped with other work...
>
> > Full disclosure, I published a "competing" solution a couple of years
> > ago[1] but, in my personal opinion, I think push certificates can
> > achieve the same security guarantees as my system with very little
> > changes.
>
> Work to improve the usability of push certs would also be very very
> welcome.
I agree. I personally think that at least the sample hook work on here
would be a good candidate for this[1], although I don't know what's the
status of it. The way they are right now, they should at least warn when
push certificates are not enabled on the server side (i.e., there is no
hook to handle it).
>
> Thanks and hope that helps,
> Jonathan
No, thanks to you :)
-Santiago.
[1] https://public-inbox.org/git/20171202091248.6037-1-root@shikherverma.com/
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
prev parent reply other threads:[~2018-01-10 16:36 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-08 20:12 upstreaming https://github.com/cgwalters/git-evtag ? Colin Walters
2018-01-08 20:34 ` Johannes Schindelin
2018-01-08 20:40 ` Santiago Torres
2018-01-08 20:42 ` Colin Walters
2018-01-08 20:51 ` Santiago Torres
2018-01-08 20:49 ` Stefan Beller
2018-01-08 20:54 ` Santiago Torres
2018-01-09 2:30 ` Colin Walters
2018-01-09 18:09 ` Santiago Torres
2018-01-09 20:38 ` Jonathan Nieder
2018-01-10 16:38 ` Santiago Torres [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180110163856.5uy4lbon322ey3ns@LykOS.localdomain \
--to=santiago@nyu.edu \
--cc=git@vger.kernel.org \
--cc=jrnieder@gmail.com \
--cc=sbeller@google.com \
--cc=walters@verbum.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).