From: Junio C Hamano <gitster@pobox.com>
To: Luke Shumaker <lukeshu@lukeshu.com>
Cc: git@vger.kernel.org, "Elijah Newren" <newren@gmail.com>,
"Jeff King" <peff@peff.net>,
"Johannes Schindelin" <Johannes.Schindelin@gmx.de>,
"Nguyễn Thái Ngọc Duy" <pclouds@gmail.com>,
"Taylor Blau" <me@ttaylorr.com>,
"brian m . carlson" <sandals@crustytoothpaste.net>,
"Eric Sunshine" <sunshine@sunshineco.com>,
"Luke Shumaker" <lukeshu@datawire.io>
Subject: Re: [PATCH v3 2/3] fast-export: rename --signed-tags='warn' to 'warn-verbatim'
Date: Fri, 30 Apr 2021 09:03:05 +0900 [thread overview]
Message-ID: <xmqqeeesfxl2.fsf@gitster.g> (raw)
In-Reply-To: <87pmycq5h7.wl-lukeshu@lukeshu.com> (Luke Shumaker's message of "Thu, 29 Apr 2021 13:02:28 -0600")
Luke Shumaker <lukeshu@lukeshu.com> writes:
> How about:
>
> | Specify how to handle signed tags. Since any transformation after the
> | export (or during the export, such as excluding revisions) can change
> | the hashes being signed, the signatures may not match.
I find it a bit worrying that it is unclear what the signature may
not match. Knowing Git, I know the answer is "contents that is
signed", and I want to make sure it is clear for all readers.
Would "may become invalid" be better? I dunno.
> | When asking to 'abort' (which is the default), this program will die
> | when encountering a signed tag. With 'strip', the tags will silently
> | be made unsigned, with 'warn-strip' they will be made unsigned but a
> | warning will be displayed, with 'verbatim', they will be silently
> | exported and with 'warn-verbatim' (or 'warn', a deprecated synonym),
> | they will be exported, but you will see a warning. 'verbatim' should
> | not be used unless you know that no transformations affecting tags
> | will be performed, or unless you do not care that the resulting tag
> | will have an invalid signature.
OK.
As the current version of "fast-import" has no way to specify what
is done to incoming signed tags, it may be the best we can do to
discourage 'verbatim'. But if it learns "--signed-tags=<disposition>",
I think the resulting ecosystem would become much better.
In the ideal world, I would imagine that we want to encourage to
always write out the original signatures to the export stream, let
any intermediary filters process the stream, and at the very end
stage at fast-import, have the --signed-commit/tag option to control
what is done to such signatures. The set of plausible options are
what you invented for the export side in this series, plus "if the
signature still matches, keep it, otherwise strip with warning".
If we want to get closer to such an ideal world (you can point out I
am wrong and why such a world is not ideal, of course, though), we
probably do not want to add "--signed-commit" to "fast-export", as
it will have to get deprecated when the ideal world happens.
Rather, the future would deprecate the existing "--signed-tags"
option from "fast-export" instead.
next prev parent reply other threads:[~2021-04-30 0:03 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-22 0:27 [PATCH v2 0/3] fast-export, fast-import: implement signed-commits Luke Shumaker
2021-04-22 0:27 ` [PATCH v2 1/3] git-fast-import.txt: add missing LF in the BNF Luke Shumaker
2021-04-22 0:27 ` [PATCH v2 2/3] fast-export: rename --signed-tags='warn' to 'warn-verbatim' Luke Shumaker
2021-04-22 3:59 ` Eric Sunshine
2021-04-22 4:43 ` Luke Shumaker
2021-04-22 4:50 ` Luke Shumaker
2021-04-22 0:27 ` [PATCH v2 3/3] fast-export, fast-import: implement signed-commits Luke Shumaker
2021-04-23 16:41 ` [PATCH v3 0/3] " Luke Shumaker
2021-04-23 16:41 ` [PATCH v3 1/3] git-fast-import.txt: add missing LF in the BNF Luke Shumaker
2021-04-23 16:41 ` [PATCH v3 2/3] fast-export: rename --signed-tags='warn' to 'warn-verbatim' Luke Shumaker
2021-04-28 3:29 ` Junio C Hamano
2021-04-29 19:02 ` Luke Shumaker
2021-04-30 0:03 ` Junio C Hamano [this message]
2021-04-23 16:41 ` [PATCH v3 3/3] fast-export, fast-import: implement signed-commits Luke Shumaker
2021-04-28 4:02 ` Junio C Hamano
2021-04-29 20:06 ` Luke Shumaker
2021-04-29 22:38 ` Elijah Newren
2021-04-29 23:42 ` Junio C Hamano
2021-04-30 2:23 ` Elijah Newren
2021-04-30 3:20 ` Junio C Hamano
2021-04-30 17:07 ` Luke Shumaker
2021-04-30 19:34 ` Luke Shumaker
2021-04-30 19:59 ` Elijah Newren
2021-04-30 22:21 ` Luke Shumaker
2021-04-30 23:25 ` [PATCH v4 0/5] fast-export, fast-import: add support for signed-commits Luke Shumaker
2021-04-30 23:25 ` [PATCH v4 1/5] git-fast-import.txt: add missing LF in the BNF Luke Shumaker
2021-04-30 23:25 ` [PATCH v4 2/5] fast-export: rename --signed-tags='warn' to 'warn-verbatim' Luke Shumaker
2021-04-30 23:25 ` [PATCH v4 3/5] git-fast-export.txt: clarify why 'verbatim' may not be a good idea Luke Shumaker
2021-04-30 23:25 ` [PATCH v4 4/5] fast-export: do not modify memory from get_commit_buffer Luke Shumaker
2021-05-03 4:41 ` Junio C Hamano
2021-04-30 23:25 ` [PATCH v4 5/5] fast-export, fast-import: add support for signed-commits Luke Shumaker
2021-05-03 5:09 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqeeesfxl2.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=Johannes.Schindelin@gmx.de \
--cc=git@vger.kernel.org \
--cc=lukeshu@datawire.io \
--cc=lukeshu@lukeshu.com \
--cc=me@ttaylorr.com \
--cc=newren@gmail.com \
--cc=pclouds@gmail.com \
--cc=peff@peff.net \
--cc=sandals@crustytoothpaste.net \
--cc=sunshine@sunshineco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).