git@vger.kernel.org mailing list mirror (one of many)
 help / color / mirror / code / Atom feed
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: Junio C Hamano <gitster@pobox.com>
Cc: Eric Sunshine <sunshine@sunshineco.com>,
	Ben Toews <mastahyeti@gmail.com>, Git List <git@vger.kernel.org>,
	Taylor Blau <me@ttaylorr.com>, Jeff King <peff@peff.net>,
	Ben Toews <btoews@github.com>
Subject: Re: [PATCH 8/8] gpg-interface: handle alternative signature types
Date: Tue, 17 Apr 2018 00:12:12 +0000	[thread overview]
Message-ID: <20180417001212.GC14631@genre.crustytoothpaste.net> (raw)
In-Reply-To: <xmqqbmejyc4j.fsf@gitster-ct.c.googlers.com>

[-- Attachment #1: Type: text/plain, Size: 1737 bytes --]

On Mon, Apr 16, 2018 at 02:05:32PM +0900, Junio C Hamano wrote:
> "brian m. carlson" <sandals@crustytoothpaste.net> writes:
> 
> > On Tue, Apr 10, 2018 at 04:24:27AM -0400, Eric Sunshine wrote:
> >> How confident are we that _all_ possible signing programs will conform
> >> to the "-----BEGIN %s-----" pattern? If we're not confident, then
> >> perhaps the user should be providing the full string here, not just
> >> the '%s' part?
> >
> > This is not likely to be true of other signing schemes.  In fact, other
> > than OpenPGP, PEM, and CMS (S/MIME), this is probably not true at all.
> 
> Hmph.  
> 
> That argues more strongly that we would regret unless we make the
> end-user configuration to at least the whole string (which later can
> be promoted to "a pattern that matches the whole string"), not just
> the part after mandatory "-----BEGIN ", methinks.

Yeah, I think this patch set is "add gpgsm support", which I can see as
a valuable goal in and of itself, but I'm not sure the attempt to make
it generic is in the right place.  If we want to be truly generic, the
way to do that is to invoke a helper based on signature type (e.g.
git-sign-gpg, git-sign-gpgsm, git-sign-signify) to do the signing and
verification.  We need not ship these helpers ourselves; interested
third-parties can provide them, and we can add configuration to match
against regexes for non-built-in types (which is required for many other
formats).

If we just want to add gpgsm support, that's fine, but we should be
transparent about that fact and try to avoid making an interface which
is at once too generic and not generic enough.
-- 
brian m. carlson: Houston, Texas, US
OpenPGP: https://keybase.io/bk2204

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 867 bytes --]

  reply	other threads:[~2018-04-17  0:12 UTC|newest]

Thread overview: 46+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-04-09 20:41 [PATCH 0/8] gpg-interface: Multiple signing tools Ben Toews
2018-04-09 20:41 ` [PATCH 1/8] gpg-interface: handle bool user.signingkey Ben Toews
2018-04-09 20:55   ` Eric Sunshine
2018-04-10 14:32     ` Jeff King
2018-04-09 20:41 ` [PATCH 2/8] gpg-interface: modernize function declarations Ben Toews
2018-04-09 20:41 ` [PATCH 3/8] gpg-interface: use size_t for signature buffer size Ben Toews
2018-04-09 20:41 ` [PATCH 4/8] gpg-interface: fix const-correctness of "eol" pointer Ben Toews
2018-04-09 20:41 ` [PATCH 5/8] gpg-interface: extract gpg line matching helper Ben Toews
2018-04-09 20:41 ` [PATCH 6/8] gpg-interface: find the last gpg signature line Ben Toews
2018-04-09 21:13   ` Eric Sunshine
2018-04-10  9:44   ` Junio C Hamano
2018-04-10 14:47     ` Ben Toews
2018-04-10 21:04       ` Junio C Hamano
2018-04-10 22:17         ` Junio C Hamano
2018-04-11 15:19           ` Ben Toews
2018-04-09 20:41 ` [PATCH 7/8] gpg-interface: prepare for parsing arbitrary PEM blocks Ben Toews
2018-04-09 20:41 ` [PATCH 8/8] gpg-interface: handle alternative signature types Ben Toews
2018-04-09 21:01   ` Stefan Beller
2018-04-10  8:24   ` Eric Sunshine
2018-04-10 15:00     ` Ben Toews
2018-04-14 19:59     ` brian m. carlson
2018-04-16  5:05       ` Junio C Hamano
2018-04-17  0:12         ` brian m. carlson [this message]
2018-04-17  1:54           ` Junio C Hamano
2018-04-17 18:08             ` Ben Toews
2018-04-17 18:33               ` Taylor Blau
2018-05-03 16:03                 ` Ben Toews
2018-05-07  9:45           ` Jeff King
2018-05-07 15:18             ` Junio C Hamano
2018-05-07 23:06             ` brian m. carlson
2018-05-08 13:28               ` Jeff King
2018-05-08 23:09                 ` brian m. carlson
2018-05-09  8:03                   ` Jeff King
2018-04-10  9:35   ` Junio C Hamano
2018-04-10 16:01     ` Ben Toews
2018-04-11 10:11   ` SZEDER Gábor
2018-04-13 21:18 ` [PATCH v2 0/9] gpg-interface: Multiple signing tools Ben Toews
2018-04-13 21:18 ` [PATCH v2 1/9] t7004: fix mistaken tag name Ben Toews
2018-04-13 21:18 ` [PATCH v2 2/9] gpg-interface: handle bool user.signingkey Ben Toews
2018-04-13 21:18 ` [PATCH v2 3/9] gpg-interface: modernize function declarations Ben Toews
2018-04-13 21:18 ` [PATCH v2 4/9] gpg-interface: use size_t for signature buffer size Ben Toews
2018-04-13 21:18 ` [PATCH v2 5/9] gpg-interface: fix const-correctness of "eol" pointer Ben Toews
2018-04-13 21:18 ` [PATCH v2 6/9] gpg-interface: extract gpg line matching helper Ben Toews
2018-04-13 21:18 ` [PATCH v2 7/9] gpg-interface: find the last gpg signature line Ben Toews
2018-04-13 21:18 ` [PATCH v2 8/9] gpg-interface: prepare for parsing arbitrary PEM blocks Ben Toews
2018-04-13 21:18 ` [PATCH v2 9/9] gpg-interface: handle alternative signature types Ben Toews

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: http://vger.kernel.org/majordomo-info.html

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180417001212.GC14631@genre.crustytoothpaste.net \
    --to=sandals@crustytoothpaste.net \
    --cc=btoews@github.com \
    --cc=git@vger.kernel.org \
    --cc=gitster@pobox.com \
    --cc=mastahyeti@gmail.com \
    --cc=me@ttaylorr.com \
    --cc=peff@peff.net \
    --cc=sunshine@sunshineco.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://80x24.org/mirrors/git.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).