[Python-Dev] python-checkins (original) (raw)
Dirkjan Ochtman dirkjan at ochtman.nl
Tue Jul 13 22:45:53 CEST 2010
- Previous message: [Python-Dev] python-checkins
- Next message: [Python-Dev] python-checkins
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This is getting a little off-topic, but let me just respond to this...
On Tue, Jul 13, 2010 at 22:10, Barry Warsaw <barry at python.org> wrote:
Does Mercurial have a similar feature? If so, I would suggest that we enable that and require committers to use registered gpg keys to sign their commits. We'd always have a verifiable chain back to a responsible party, and committers would be responsible for any changes or patches they merge on behalf of others. IME the overhead is pretty trivial, but then I'm quite comfortable with gpg concepts and tools.
I wrote something on Stack Overflow about this today, which I reproduce here:
You could verify that whoever is pushing the cset is also the committer (by matching http or ssh authentication). This is somewhat limiting because it can be useful when people push other developer's changesets.
You could use the pgp extension (from hgext) to explicitly sign changesets after committing, but it's kind of a drag if you want to do it for every changeset. In Mercurial, we only do this for releases.
http://bitbucket.org/mg/commitsigs is another extension, which takes a different tack to signing (I believe it doesn't sign the commit metadata, only the file tree, which lets it sign before the commit is finished, meaning it doesn't take up an extra cset).
Mozilla uses a pushlog which just tracks who pushed what. This lets you look in the commit history on the server (but only there) to see who pushed what group of changesets, giving you a better paper trail than you normally get. This can also be provided by changegroup notifications, if you include the guy who did the push in the email (this is what Python will do once their conversion is done).
Note that, if you're going to require that each cset is signed, each non-committer contributor also has to have this facility, which IMO raises the bar significantly. I think I added the pushing user to the commit mails to provide just this kind of paper trail. Given the tamper-proofness of the SHA1 changeset ID's (and yes, hg will move to some newer hash algorithm at some point before SHA1 becomes too easy to crack), I don't think signing each cset adds much value.
Cheers,
Dirkjan
- Previous message: [Python-Dev] python-checkins
- Next message: [Python-Dev] python-checkins
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]