From: "Florine W. Dekker" <florine@fwdekker.com>
To: "René Scharfe" <l.s.r@web.de>, git@vger.kernel.org
Cc: "brian m . carlson" <sandals@crustytoothpaste.net>
Subject: Re: Wildcards in mailmap to hide transgender people's deadnames
Date: Wed, 14 Sep 2022 11:07:34 +0200 [thread overview]
Message-ID: <f13bc5aa-dadd-a895-eeca-79bd77c5363b@fwdekker.com> (raw)
In-Reply-To: <854127f2-55aa-5636-813d-d91b8a4cdcbc@web.de>
On 14/09/2022 09:40, René Scharfe wrote:
> Am 13.09.22 um 23:53 schrieb Florine W. Dekker:
>> Now, John can now add the following line to their mailmap config:
>> `John Doe <john.doe@example.com> <\*.doe@example.com>`, which does
>> not reveal their old name.
> That would falsely attribute the work of possible future developers
> ann.doe@example.com and bob.doe@example.com to John as well.
Good point. I assumed such false positives would be unlikely because I
was considering very-small-scale projects, but I agree that using
wildcards is not at all feasible for larger projects.
> Supporting hashed entries would allow for a more targeted obfuscation.
> That was discussed a while ago:
> https://lore.kernel.org/git/20210103211849.2691287-1-sandals@crustytoothpaste.net/
That was an interesting read. I agree with Ævar in that thread in that I
think URL encoding is sufficient. I think it meets Brian's use case of
never having to see the old name again, and my use case of obfuscating
it from accidental discovery by friendly collaborators. While a hash
certainly gives a stronger sense of security, I think it's a false sense
of security, because, as you note below, recovering old email addresses
from the tree is not much more trivial than reversing the encoding. And
either way, a sha256 hash can easily be inverted in a few days(?) using
a dictionary attack with email addresses from data breaches. As someone
who has changed her name, I would be content with using a simple URL
encoding.
>> Someone could always spend more effort to uncover the name using more
>> advanced tools, but the point of this feature is to prevent
>> accidental discovery of the name in cases where completely hiding the
>> name is not feasible.
> Extracting old email addresses from a repository is easy by comparing
> authors' email addresses without and with mailmap applied, no advanced
> tools required. Here's mine from Git's own repo:
>
> $ git log --format='%ae %aE' |
> awk '$1 != $2 && !a[$0] {a[$0] = 1; print}' |
> grep -F l.s.r@web.de
> rene.scharfe@lsrfire.ath.cx l.s.r@web.de
>
> The same can be done with names (%an/%aN).
You're absolutely right. With "advanced tools" I was referring to
anything more advanced than a plain `git log` ;-)
- Florine
next prev parent reply other threads:[~2022-09-14 9:19 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-13 21:53 Wildcards in mailmap to hide transgender people's deadnames Florine W. Dekker
2022-09-14 7:40 ` René Scharfe
2022-09-14 9:07 ` Florine W. Dekker [this message]
2022-09-19 11:20 ` Ævar Arnfjörð Bjarmason
2022-09-19 12:27 ` rsbecker
2022-09-19 15:19 ` brian m. carlson
2022-09-19 16:31 ` Junio C Hamano
2022-09-19 17:26 ` brian m. carlson
2022-09-20 10:23 ` Ævar Arnfjörð Bjarmason
2022-09-20 14:58 ` Florine W. Dekker
2022-09-21 16:42 ` Junio C Hamano
2022-09-26 9:14 ` Ævar Arnfjörð Bjarmason
[not found] ` <CANgJU+Wt_yjv1phwiSUtLLZ=JKA9LvS=0UcBYNu+nxdJ_7d_Ew@mail.gmail.com>
2022-09-16 16:59 ` Florine W. Dekker
2022-09-20 0:32 ` brian m. carlson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f13bc5aa-dadd-a895-eeca-79bd77c5363b@fwdekker.com \
--to=florine@fwdekker.com \
--cc=git@vger.kernel.org \
--cc=l.s.r@web.de \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).