From: Junio C Hamano <gitster@pobox.com>
To: "brian m. carlson" <sandals@crustytoothpaste.net>
Cc: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>, git@vger.kernel.org
Subject: Re: What's cooking in git.git (Jan 2021, #02; Fri, 8)
Date: Mon, 11 Jan 2021 11:04:11 -0800 [thread overview]
Message-ID: <xmqqeeir8fdg.fsf@gitster.c.googlers.com> (raw)
In-Reply-To: <X/uvhc5Hpu792qA/@camp.crustytoothpaste.net> (brian m. carlson's message of "Mon, 11 Jan 2021 01:53:09 +0000")
"brian m. carlson" <sandals@crustytoothpaste.net> writes:
> On 2021-01-09 at 23:20:25, Junio C Hamano wrote:
>> "brian m. carlson" <sandals@crustytoothpaste.net> writes:
>>
>> > On 2021-01-09 at 21:28:58, Junio C Hamano wrote:
>> >> Ævar Arnfjörð Bjarmason <avarab@gmail.com> writes:
>> >> > FWIW there was since a re-roll on 2021-01-03, but the discussion is
>> >> > sort-of outstanding, so maybe that's intentional...
>> >>
>> >> I had an impression that those 4 or 5 patches haven't gained
>> >> concensus that they are good as-is.
>> >
>> > There will be another reroll. I'm hoping to get to it this weekend.
>>
>> Thanks.
>
> Having read Ævar's latest comment, I've decided instead to drop this, so
> feel free to do so whenever it's convenient.
That's kind of sad.
I view that this is the kind of topic where perfect easily can
become an enemy of good, as there is by definition no perfection
available to us without breaking existing Git.
I do not know about Ævar, but to me, my initial impression while
reading the discussion from sideline was that the goal was to
prevent a mechanical scan of a recent version of .mailmap from
learning that Joe used to use Jane as his/her name, and that was the
reason why I asked to be convinced why encoding for obfuscation was
insufficient. In the above, I meant "mechanical scan" as something
like "a web search engine crawls and finds a .mailmap---a query for
Joe produces a line with some garbage on it that is not Jane." and a
casual attacker would stop there.
But of course, a casual attacker who knows urlencode or whatever
obfuscation in use can read that "garbage" once he/she knows that
"garbage" is worth attacking (i.e. it is known to be associated to
Joe, the person the attacker is interested in).
If your goal is to make it harder than just urlencode, even though
we all have to accept that scanning "git log --all" for all names
that appear in the history and hashing them all to see what name
hashes to the "garbage" in question, then @sha256:<hash> approach
does make sense as a stopping point. Perhaps we need to sell this
with a clear definition of what kind of attackes we are protecting
the name data from:
The attacker is required to obtain sufficient amount of history
in the project to uncover the obfuscation; a more casual
attackers will fail to uncover, and we declare that it is better
than nothing and it is good enough in practice.
or something like that? I am not sure if I drew the line at the
level you intended to draw in the above, if I think that it is good
enough in practice, or if I agree to a change that is better than
nothing but not good enough in practice, but having such a statement
would help to see where we agree or disagree.
Thanks.
next prev parent reply other threads:[~2021-01-11 19:07 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-08 19:22 What's cooking in git.git (Jan 2021, #02; Fri, 8) Junio C Hamano
2021-01-09 10:55 ` Ævar Arnfjörð Bjarmason
2021-01-09 21:28 ` Junio C Hamano
2021-01-09 22:05 ` brian m. carlson
2021-01-09 23:20 ` Junio C Hamano
2021-01-11 1:53 ` brian m. carlson
2021-01-11 19:04 ` Junio C Hamano [this message]
2021-01-12 14:00 ` Ævar Arnfjörð Bjarmason
2021-01-14 23:52 ` Emily Shaffer
2021-01-14 23:56 ` Emily Shaffer
2021-01-15 7:22 ` Junio C Hamano
2021-01-15 0:29 ` brian m. carlson
2021-01-15 1:44 ` Junio C Hamano
2021-01-16 16:23 ` Ævar Arnfjörð Bjarmason
2021-01-17 17:15 ` Jeff King
2021-01-17 20:22 ` Ævar Arnfjörð Bjarmason
2021-01-10 19:00 ` Ævar Arnfjörð Bjarmason
2021-01-11 0:21 ` Junio C Hamano
2021-01-09 21:38 ` David Aguilar
2021-01-09 23:08 ` Junio C Hamano
2021-01-14 23:06 ` Emily Shaffer
2021-01-15 1:50 ` Junio C Hamano
2021-01-15 2:24 ` Taylor Blau
2021-01-15 2:44 ` Taylor Blau
2021-01-15 2:36 ` Derrick Stolee
2021-01-15 2:54 ` Derrick Stolee
2021-01-15 6:36 ` Junio C Hamano
2021-01-15 6:38 ` Junio C Hamano
2021-01-15 11:36 ` Derrick Stolee
2021-01-15 19:44 ` Junio C Hamano
2021-01-15 20:08 ` Emily Shaffer
2021-01-15 20:59 ` Junio C Hamano
2021-01-15 19:52 ` Jeff King
2021-01-15 21:40 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqeeir8fdg.fsf@gitster.c.googlers.com \
--to=gitster@pobox.com \
--cc=avarab@gmail.com \
--cc=git@vger.kernel.org \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).