* [PATCH] request-pull: filter out SSH/X.509 tag signatures
@ 2023-01-25 23:01 Gwyneth Morgan
2023-01-25 23:19 ` Junio C Hamano
2023-01-25 23:47 ` [PATCH v2] " Gwyneth Morgan
0 siblings, 2 replies; 5+ messages in thread
From: Gwyneth Morgan @ 2023-01-25 23:01 UTC (permalink / raw)
To: git; +Cc: Junio C Hamano, Gwyneth Morgan
git request-pull filters PGP signatures out of the tag message, but not
SSH or X.509 signatures.
---
git-request-pull.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/git-request-pull.sh b/git-request-pull.sh
index 2d0e44656c..01640a044b 100755
--- a/git-request-pull.sh
+++ b/git-request-pull.sh
@@ -153,7 +153,7 @@ for you to fetch changes up to %H:
if test $(git cat-file -t "$head") = tag
then
git cat-file tag "$head" |
- sed -n -e '1,/^$/d' -e '/^-----BEGIN PGP /q' -e p
+ sed -n -e '1,/^$/d' -e '/^-----BEGIN \(PGP\|SSH\|SIGNED\) /q' -e p
echo
echo "----------------------------------------------------------------"
fi &&
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] request-pull: filter out SSH/X.509 tag signatures
2023-01-25 23:01 [PATCH] request-pull: filter out SSH/X.509 tag signatures Gwyneth Morgan
@ 2023-01-25 23:19 ` Junio C Hamano
2023-01-25 23:45 ` Gwyneth Morgan
2023-01-25 23:47 ` [PATCH v2] " Gwyneth Morgan
1 sibling, 1 reply; 5+ messages in thread
From: Junio C Hamano @ 2023-01-25 23:19 UTC (permalink / raw)
To: Gwyneth Morgan; +Cc: git
Gwyneth Morgan <gwymor@tilde.club> writes:
> git request-pull filters PGP signatures out of the tag message, but not
> SSH or X.509 signatures.
> ---
Please sign-off your contribution.
cf. Documentation/SubmittingPatches[[sign-off]]
> git-request-pull.sh | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/git-request-pull.sh b/git-request-pull.sh
> index 2d0e44656c..01640a044b 100755
> --- a/git-request-pull.sh
> +++ b/git-request-pull.sh
> @@ -153,7 +153,7 @@ for you to fetch changes up to %H:
> if test $(git cat-file -t "$head") = tag
> then
> git cat-file tag "$head" |
> - sed -n -e '1,/^$/d' -e '/^-----BEGIN PGP /q' -e p
> + sed -n -e '1,/^$/d' -e '/^-----BEGIN \(PGP\|SSH\|SIGNED\) /q' -e p
This makes readers debate themselves if being more specific and
narrow like the posted patch is safer and better, or making it
looser by just requiring "^-----BEGIN " and making it forward
looking is sufficient and maintainable.
If this were signed-off already, I would have said "let's queue it
as-is, while waiting for input from others", but without a sign-off
I am not queuing (yet).
Thanks.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] request-pull: filter out SSH/X.509 tag signatures
2023-01-25 23:19 ` Junio C Hamano
@ 2023-01-25 23:45 ` Gwyneth Morgan
0 siblings, 0 replies; 5+ messages in thread
From: Gwyneth Morgan @ 2023-01-25 23:45 UTC (permalink / raw)
To: Junio C Hamano; +Cc: git
On 2023-01-25 15:19:34-0800, Junio C Hamano wrote:
> Please sign-off your contribution.
> cf. Documentation/SubmittingPatches[[sign-off]]
Oops! I will resend with a sign-off.
> > git-request-pull.sh | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/git-request-pull.sh b/git-request-pull.sh
> > index 2d0e44656c..01640a044b 100755
> > --- a/git-request-pull.sh
> > +++ b/git-request-pull.sh
> > @@ -153,7 +153,7 @@ for you to fetch changes up to %H:
> > if test $(git cat-file -t "$head") = tag
> > then
> > git cat-file tag "$head" |
> > - sed -n -e '1,/^$/d' -e '/^-----BEGIN PGP /q' -e p
> > + sed -n -e '1,/^$/d' -e '/^-----BEGIN \(PGP\|SSH\|SIGNED\) /q' -e p
>
> This makes readers debate themselves if being more specific and
> narrow like the posted patch is safer and better, or making it
> looser by just requiring "^-----BEGIN " and making it forward
> looking is sufficient and maintainable.
I could imagine someone having a tag with a line starting that way (not
realizing it's a common pattern for signatures to take) and being
confused at why it's being removed. The likelihood of someone doing
that, and using request-pull with that tag, is pretty low though, so I
don't have a strong preference.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH v2] request-pull: filter out SSH/X.509 tag signatures
2023-01-25 23:01 [PATCH] request-pull: filter out SSH/X.509 tag signatures Gwyneth Morgan
2023-01-25 23:19 ` Junio C Hamano
@ 2023-01-25 23:47 ` Gwyneth Morgan
2023-01-26 0:18 ` Junio C Hamano
1 sibling, 1 reply; 5+ messages in thread
From: Gwyneth Morgan @ 2023-01-25 23:47 UTC (permalink / raw)
To: git; +Cc: Junio C Hamano, Gwyneth Morgan
git request-pull filters PGP signatures out of the tag message, but not
SSH or X.509 signatures.
Signed-off-by: Gwyneth Morgan <gwymor@tilde.club>
---
git-request-pull.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/git-request-pull.sh b/git-request-pull.sh
index 2d0e44656c..01640a044b 100755
--- a/git-request-pull.sh
+++ b/git-request-pull.sh
@@ -153,7 +153,7 @@ for you to fetch changes up to %H:
if test $(git cat-file -t "$head") = tag
then
git cat-file tag "$head" |
- sed -n -e '1,/^$/d' -e '/^-----BEGIN PGP /q' -e p
+ sed -n -e '1,/^$/d' -e '/^-----BEGIN \(PGP\|SSH\|SIGNED\) /q' -e p
echo
echo "----------------------------------------------------------------"
fi &&
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v2] request-pull: filter out SSH/X.509 tag signatures
2023-01-25 23:47 ` [PATCH v2] " Gwyneth Morgan
@ 2023-01-26 0:18 ` Junio C Hamano
0 siblings, 0 replies; 5+ messages in thread
From: Junio C Hamano @ 2023-01-26 0:18 UTC (permalink / raw)
To: Gwyneth Morgan; +Cc: git
Gwyneth Morgan <gwymor@tilde.club> writes:
> git request-pull filters PGP signatures out of the tag message, but not
> SSH or X.509 signatures.
>
> Signed-off-by: Gwyneth Morgan <gwymor@tilde.club>
> ---
> git-request-pull.sh | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/git-request-pull.sh b/git-request-pull.sh
> index 2d0e44656c..01640a044b 100755
> --- a/git-request-pull.sh
> +++ b/git-request-pull.sh
> @@ -153,7 +153,7 @@ for you to fetch changes up to %H:
> if test $(git cat-file -t "$head") = tag
> then
> git cat-file tag "$head" |
> - sed -n -e '1,/^$/d' -e '/^-----BEGIN PGP /q' -e p
> + sed -n -e '1,/^$/d' -e '/^-----BEGIN \(PGP\|SSH\|SIGNED\) /q' -e p
> echo
> echo "----------------------------------------------------------------"
> fi &&
Thanks, queued.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-01-26 0:18 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-25 23:01 [PATCH] request-pull: filter out SSH/X.509 tag signatures Gwyneth Morgan
2023-01-25 23:19 ` Junio C Hamano
2023-01-25 23:45 ` Gwyneth Morgan
2023-01-25 23:47 ` [PATCH v2] " Gwyneth Morgan
2023-01-26 0:18 ` Junio C Hamano
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).