From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS53758 23.128.96.0/24 X-Spam-Status: No, score=-3.9 required=3.0 tests=AWL,BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI, SPF_HELO_PASS,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by dcvr.yhbt.net (Postfix) with ESMTP id BB1CF1F5AE for ; Wed, 21 Apr 2021 19:31:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236322AbhDUTbf (ORCPT ); Wed, 21 Apr 2021 15:31:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40388 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235159AbhDUTbc (ORCPT ); Wed, 21 Apr 2021 15:31:32 -0400 Received: from mav.lukeshu.com (mav.lukeshu.com [IPv6:2001:19f0:5c00:8069:5400:ff:fe26:6a86]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6A096C06174A for ; Wed, 21 Apr 2021 12:30:59 -0700 (PDT) Received: from lukeshu-dw-thinkpad (c-73-229-136-185.hsd1.co.comcast.net [73.229.136.185]) by mav.lukeshu.com (Postfix) with ESMTPSA id C9E7080590; Wed, 21 Apr 2021 15:30:57 -0400 (EDT) Date: Wed, 21 Apr 2021 13:28:47 -0600 Message-ID: <87fszj309c.wl-lukeshu@lukeshu.com> From: Luke Shumaker To: Elijah Newren Cc: Luke Shumaker , Git Mailing List , Luke Shumaker Subject: Re: [PATCH 0/3] fast-export, fast-import: implement signed-commits In-Reply-To: References: <20210419225441.3139048-1-lukeshu@lukeshu.com> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM-LB/1.14.9 (=?ISO-8859-4?Q?Goj=F2?=) APEL-LB/10.8 EasyPG/1.0.0 Emacs/27.2 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org On Wed, 21 Apr 2021 12:12:40 -0600, Elijah Newren wrote: > > On Mon, Apr 19, 2021 at 3:54 PM Luke Shumaker wrote: > > > > From: Luke Shumaker > > > > fast-export has an existing --signed-tags= flag that controls how to > > handle tag signatures. However, there is no equivalent for commit > > signatures; it just silently strips the signature out of the commit > > (analogously to --signed-tags=strip). > > > > So implement a --signed-commits= flag in fast-export, and implement > > the receiving side of it in fast-import. > > I understand adding an option to fast-export, but shouldn't there also > be one for fast-import? In particular, I can see users wanting any of > the following: > > * I want these signatures exported and imported because I know I won't > tweak them and they'll still be valid. > * I want these signatures even though they'll be invalid. Whatever, > I'll just deal with it. > * I want the signatures exported and imported *when they will remain > valid*. Always exporting them makes sense, because fast-export > doesn't know about tweaks I'll be making to its output before feeding > it to fast-import. But fast-import should have options to > strip-if-invalid/warn-if-invalid/error-if-invalid/import-without-warning > for these tags (though they don't have to use these exact names). > > I know fast-import doesn't do anything of the sort for signed tags, > but fast-import also doesn't support signed tags as per this comment > in the documentation: > > """ > Signing annotated tags during import from within fast-import is not > supported. Trying to include your own PGP/GPG signature is not > recommended, as the frontend does not (easily) have access to the > complete set of bytes which normally goes into such a signature. > If signing is required, create lightweight tags from within fast-import with > `reset`, then create the annotated versions of those tags offline > with the standard 'git tag' process. > """ > > it just happens to "work" since the signature is part of the > annotation and fast-import doesn't attempt to read or validate the > annotation in any way, treating it as free-from text. I'd say users > relying on this are on somewhat shaky ground. > > But here you're adding explicit fast-import directives to the language > for signatures of commits, so you clearly do need to care. And I > suspect fast-import's default should be error-if-invalid rather than > import-without-warning. I agree that this would be a good and useful flag to add to fast-import. However, I don't think that it's a necessary thing to add for this work, and I think that it's beyond the scope of what I am willing to implement. I see where you're coming from when you say that tags and commits are different in this regard, but I don't agree. The signed tags situation does look like shakey ground, but IMO once fast-export gained the --signed-tags option, that was saying "this is the correct and stable way of encoding a tag signature in a fast-import stream". The fact that it is wonky in that it is shoved in to the message is an accident of implementation history, and to me doesn't say anything about the nature of the thing. I think that such a flag in fast-import is just as worthy of existing for tags as it is worthy of existing for commits. Actually, I'm not sure I think such flags belong in fast-import itself, I think it may make good sense to have such a filter implemented as an external tool. Fast-export and fast-import seem to avoid using the many parts of standard git library functions, apparently (to me) to avoid allocations because "fast". Given that trouble gone to just to avoid allocations, calling out to GPG seems prohibitively slow by comparison. But I agree such functionality would be good and useful, regardless of whether I think it belongs in fast-import itself. -- Happy hacking, ~ Luke Shumaker