diff options
| author | Chris Beams <chris@beams.io> | 2014-06-09 17:34:18 +0200 |
|---|---|---|
| committer | bitcoindev <bitcoindev@gnusha.org> | 2014-06-09 15:34:34 +0000 |
| commit | d8607589b8778494f3fdc601e82bbd3325fa7abb (patch) | |
| tree | 3e1d2f00d0f4ab764d02e27be574afb02aae90b1 | |
| parent | 88638fa5fa35286da6ce1d575d31a013a273fa72 (diff) | |
| download | pi-bitcoindev-d8607589b8778494f3fdc601e82bbd3325fa7abb.tar.gz pi-bitcoindev-d8607589b8778494f3fdc601e82bbd3325fa7abb.zip | |
Re: [Bitcoin-development] PSA: Please sign your git commits
| -rw-r--r-- | f0/d53560cf43646dcf56e2d46fc1ddd941c4fad6 | 172 |
1 files changed, 172 insertions, 0 deletions
diff --git a/f0/d53560cf43646dcf56e2d46fc1ddd941c4fad6 b/f0/d53560cf43646dcf56e2d46fc1ddd941c4fad6 new file mode 100644 index 000000000..33198ed47 --- /dev/null +++ b/f0/d53560cf43646dcf56e2d46fc1ddd941c4fad6 @@ -0,0 +1,172 @@ +Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] + helo=mx.sourceforge.net) + by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) + (envelope-from <chris@beams.io>) id 1Wu1ak-00051i-5O + for bitcoin-development@lists.sourceforge.net; + Mon, 09 Jun 2014 15:34:34 +0000 +X-ACL-Warn: +Received: from chello084114181075.1.15.vie.surfer.at ([84.114.181.75] + helo=dh35.beams.io) by sog-mx-3.v43.ch3.sourceforge.com with esmtp + (Exim 4.76) id 1Wu1ai-0005W7-9E + for bitcoin-development@lists.sourceforge.net; + Mon, 09 Jun 2014 15:34:34 +0000 +Received: from localhost (localhost [127.0.0.1]) + by dh35.beams.io (Postfix) with ESMTP id CCE7E34BAFB; + Mon, 9 Jun 2014 17:35:04 +0200 (CEST) +X-Virus-Scanned: amavisd-new at dh35.beams.io +Received: from dh35.beams.io ([127.0.0.1]) + by localhost (dh35.beams.io [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id hCz49pBt1T9W; Mon, 9 Jun 2014 17:35:03 +0200 (CEST) +Received: from [192.168.0.69] (chello084114181075.1.15.vie.surfer.at + [84.114.181.75]) + by dh35.beams.io (Postfix) with ESMTPSA id 0CCBD34BAEE; + Mon, 9 Jun 2014 17:35:03 +0200 (CEST) +Content-Type: multipart/signed; + boundary="Apple-Mail=_F2A2D0B3-E93A-4BBB-8140-C33AF8FA38ED"; + protocol="application/pgp-signature"; micalg=pgp-sha512 +Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\)) +From: Chris Beams <chris@beams.io> +In-Reply-To: <CA+s+GJD2B2LC2ssehvm+x-QUoXCsYMcp-1ctBko94XEw0dUzpg@mail.gmail.com> +Date: Mon, 9 Jun 2014 17:34:18 +0200 +Message-Id: <83628434-1F3A-4C39-942A-F7238E61D0DA@beams.io> +References: <CA+s+GJBNWh0Py9KB4Y+B19ACeHOygtkLrPw5SbZ0SrVs50pqvg@mail.gmail.com> + <7B48B9D4-5FB0-42CA-A462-C20D3F345A9A@beams.io> + <CA+s+GJC8=OHmmF7fc-fT8fQDWE1uNcCS8-ELEKr0MjQ4CpbPBA@mail.gmail.com> + <CA+s+GJD2B2LC2ssehvm+x-QUoXCsYMcp-1ctBko94XEw0dUzpg@mail.gmail.com> +To: Wladimir <laanwj@gmail.com>, + Bitcoin Dev <bitcoin-development@lists.sourceforge.net> +X-Mailer: Apple Mail (2.1878.2) +X-Spam-Score: 1.3 (+) +X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. + See http://spamassassin.org/tag/ for more details. + 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, + https://senderscore.org/blacklistlookup/ + [84.114.181.75 listed in bl.score.senderscore.com] + 0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address + [84.114.181.75 listed in dnsbl.sorbs.net] +X-Headers-End: 1Wu1ai-0005W7-9E +Subject: Re: [Bitcoin-development] PSA: Please sign your git commits +X-BeenThere: bitcoin-development@lists.sourceforge.net +X-Mailman-Version: 2.1.9 +Precedence: list +List-Id: <bitcoin-development.lists.sourceforge.net> +List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, + <mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe> +List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development> +List-Post: <mailto:bitcoin-development@lists.sourceforge.net> +List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help> +List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, + <mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe> +X-List-Received-Date: Mon, 09 Jun 2014 15:34:34 -0000 + + +--Apple-Mail=_F2A2D0B3-E93A-4BBB-8140-C33AF8FA38ED +Content-Transfer-Encoding: quoted-printable +Content-Type: text/plain; + charset=us-ascii + +An update on this topic: + +With the release of Git 2.0, automatic commit signing is now possible = +with the 'commit.gpgsign' configuration option [1]. This means that = +interactively rebased or cherry-picked commits are also re-signed on the = +fly. The absence of this ability in prior versions of Git meant that = +signing every commit wasn't a practical policy for anyone using rebase = +as a regular part of their local development workflow. Now it can be. + +Merging also works as expected with this feature turned on. + +One caveat I've identified thus far is a negative impact on speed when a = +large number of commits are involved. Any time you're signing a commit, = +you're interacting with the gpg-agent daemon, and this is roughly an = +order of magnitude slower than signing without committing. + +Speed without signing: + + $ echo '' >> README.md; time git commit -am"Test commit speed" = +--no-gpg-sign + [...] + real 0m0.031s + +and with: + + $ echo '' >> README.md; time git commit -am"Test commit speed" = +--gpg-sign + [...] + real 0m0.360s + +For a single commit, this slowdown is negligible as it is still well = +below sub-second. However, if one were rebasing a local development = +branch with dozens of commits, you can see how the time would quickly = +add up. + +Personally, I think that in practice I'll be willing to deal with with a = +few seconds' wait on those relatively rare occasions, and therefore I'm = +going to keep auto-signing enabled for now [2]. + +- Chris + +[1]: http://article.gmane.org/gmane.comp.version-control.git/250341 +[2]: https://github.com/cbeams/dotfiles/commit/d7da74 + +On May 23, 2014, at 12:23 PM, Wladimir <laanwj@gmail.com> wrote: + +> On Wed, May 21, 2014 at 7:10 PM, Wladimir <laanwj@gmail.com> wrote: +>> Hello Chris, +>>=20 +>> On Wed, May 21, 2014 at 6:39 PM, Chris Beams <chris@beams.io> wrote: +>>> I'm personally happy to comply with this for any future commits, but = +wonder +>>> if you've considered the arguments against commit signing [1]? Note +>>> especially the reference therein to Linus' original negative opinion = +on +>>> signed commits [2]. +>>=20 +>> Yes, I've read it. But would his alternative, signing tags, really +>> help us more here? How would that work? How would we have to = +structure +>> the process? +>=20 +> I think a compromise - that is similar to signing tags but would still +> work with the github process, and leaves a trail after merge - would +> be: if you submit a stack of commits, only sign the most recent one. +>=20 +> As each commit contains the cryptographic hash of the previous commit, +> which in turns contains the hash of that before it up to the root +> commit, signing every commit if you have multiple in a row is +> redundant. +>=20 +> I'll update the document and put it in the repository. +>=20 +> Wladimir + + +--Apple-Mail=_F2A2D0B3-E93A-4BBB-8140-C33AF8FA38ED +Content-Transfer-Encoding: 7bit +Content-Disposition: attachment; + filename=signature.asc +Content-Type: application/pgp-signature; + name=signature.asc +Content-Description: Message signed with OpenPGP using GPGMail + +-----BEGIN PGP SIGNATURE----- +Comment: GPGTools - https://gpgtools.org + +iQIcBAEBCgAGBQJTldP7AAoJED0hT49bxe1zTy8P/jttliCBLhDuJG1psuzxwWj/ +moo6b3bhEmH8QcsyvpyReAR78tUccwTzt8IJxk+yUWngWm82JGy8J00WWJiifBgk +GIXALE2lAB2DiDNJFlDskBZoIYOV+dHSuSJyBM20AHQYIdrlPb0N+0Tk0RM16zTK +SMquFWJip/qzQahLDsGAzh8uv+ZSZd271j0nHYDOBRUzlUb9tp4kwHtn3m+trjzS +HcPzKslCUCOezMBm70DXHo7hCCsu9J5G5ZI3Cm3L++nlSwTescBZMbBV9cC9QjVm +w7NpcdyyRxcMbagiseqiqiP54XofvtyiN9aL/12Bcx5cQuAx83YjqOAVldIQ1RxB +Lq6ZRhgvdPPU5Fb7Aa5sNVSS2EnloH6Ld0hPM7c7dtJxZRBQK1ssoyXsL7MNGKzR +FpORwxmX/31VJDOYUTS7vD5fA6dmauNcqTsNYt2AQnKURqnyt2UOlwoHWorD2IEm +qK9Vzog4lmk2wxm4queW9J2c7NYY6moSHZ1tOq/XaW9XObvttLKmVW4iL8nTmZcZ +sJynk0SCy4tw604w1aF+P+Aj495WdcfAjsaPO8BKK8jBbYKPZiTSpjPXJTKKzh7G +J18YlHOKIcBMzwCn1gDiqW2+DAQ49l9k/zmwzW37LjcjFezEA6YYUITxUKmPw5g4 +2jXB4dBGsNlH7WGgF27z +=oRca +-----END PGP SIGNATURE----- + +--Apple-Mail=_F2A2D0B3-E93A-4BBB-8140-C33AF8FA38ED-- + + |