From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: "René Scharfe" <l.s.r@web.de>, "Jason Pyeron" <jpyeron@pdinc.us>,
git@vger.kernel.org
Subject: Re: git archive setting user and group
Date: Sat, 23 Jan 2021 01:05:00 +0000 [thread overview]
Message-ID: <YAt2PPM4HRcKva9a@camp.crustytoothpaste.net> (raw)
In-Reply-To: <20210122213954.7dlnnpngjoay3oia@chatter.i7.local>
[-- Attachment #1: Type: text/plain, Size: 2124 bytes --]
On 2021-01-22 at 21:39:54, Konstantin Ryabitsev wrote:
> On Fri, Jan 22, 2021 at 10:00:04PM +0100, René Scharfe wrote:
> > Adding support for using a custom user and group should be easy. Is
> > this just a cosmetic thing? Regular users would ignore the user info in
> > the archive, and root should not be used for extracting, and on systems
> > that don't have a logwatch user this wouldn't make a difference anyway,
> > right?
>
> Right now, "git archive" operations are bit-for-bit identical across all
> versions going back at least 8+ years. In fact, we've been relying on this to
> support bundling tarball signatures with git tags themselves (via git notes).
> E.g. you can see this in action here:
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v5.10.9
>
> If you click on "(sig)", you will download a signature that can be used to
> verify the tarball generated using "git archive".
Please do not rely on this behavior. I want to state in the strongest
possible terms that this is not guaranteed behavior and it may change at
any time. We have explicitly said so on the list multiple times. If
you need reproducible archives, you need to add a tool to canonicalize
them in a suitable format and not rely on Git to never change things.
If you are relying on this behavior right now, I urge you to change that
at your earliest possible convenience. I don't want to break
kernel.org's infrastructure again, but I'm also not going to tiptoe
around sending patches in fear of that, nor feel bad if it happens again
for this reason.
> I would argue that adding user/group support to "git archive" operation is
> not really solving any problems other than "it's different from when I run it
> as a regular user" -- and can introduce potential compatibility problems if
> implemented.
I agree that this feature isn't really something we want. Git produces
tar archives for software interchange, in which case producing an
intentionally anonymous tarball is the desired behavior.
--
brian m. carlson (he/him or they/them)
Houston, Texas, US
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 263 bytes --]
next prev parent reply other threads:[~2021-01-23 1:07 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-22 20:40 git archive setting user and group Jason Pyeron
2021-01-22 21:00 ` René Scharfe
2021-01-22 21:13 ` Jason Pyeron
2021-01-22 21:39 ` Konstantin Ryabitsev
2021-01-22 22:02 ` Jason Pyeron
2021-01-22 22:28 ` Ævar Arnfjörð Bjarmason
2021-01-23 1:05 ` brian m. carlson [this message]
2021-01-23 4:58 ` Jeff King
2021-01-23 5:16 ` Konstantin Ryabitsev
2021-01-23 5:11 ` Konstantin Ryabitsev
2021-01-22 22:29 ` Junio C Hamano
2021-01-22 22:51 ` Jason Pyeron
-- strict thread matches above, loose matches on Subject: below --
2021-01-22 20:09 Jason Pyeron
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YAt2PPM4HRcKva9a@camp.crustytoothpaste.net \
--to=sandals@crustytoothpaste.net \
--cc=git@vger.kernel.org \
--cc=jpyeron@pdinc.us \
--cc=l.s.r@web.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).