From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 783DF40DFE for ; Tue, 9 Aug 2022 11:22:50 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id B3CD868B7FC; Tue, 9 Aug 2022 14:22:48 +0300 (EEST) Received: from mail.flump.de (unknown [185.163.118.210]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 8741768B411 for ; Tue, 9 Aug 2022 14:22:42 +0300 (EEST) Received: from gump.localnet (ip4d166edb.dynamic.kabel-deutschland.de [77.22.110.219]) by mail.flump.de (Postfix) with ESMTPSA id 669FF8C1491 for ; Tue, 9 Aug 2022 13:22:41 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=flump.de; s=mail; t=1660044161; bh=MggbbTnTSAsaBGQPGkSwHRgHD9ARFagGXTy0V8hElWI=; h=From:To:Subject:Date:In-Reply-To:References; b=LejoXEcD0i6UmP++xazZjopIO8jK94kPGwV0B4Us/B5AYEK5l9zBXmUZqDx/bBtkZ tm1G4z2W3iIPuy0AGKa8Mre0GEjdkhXxwNYHtwhOqlZabfZlbBUnvirnphELwgCf0w 2sBXAZ2Hmle6aWxzl1o2anLYdvZLCCIU1Vfbv8dI= From: Gerion Entrup To: FFmpeg development discussions and patches Date: Tue, 09 Aug 2022 13:22:40 +0200 Message-ID: <3945817.inPcVpfQEU@gump> In-Reply-To: References: <20220808145008.26162-1-michael@niedermayer.cc> <20220808145008.26162-1-michael@niedermayer.cc-N8xvyjN----2> MIME-Version: 1.0 Subject: Re: [FFmpeg-devel] [RFC] git and signing commits and tags X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: multipart/mixed; boundary="===============0335683167630803971==" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: --===============0335683167630803971== Content-Type: multipart/signed; boundary="nextPart3226106.QDZCmsiozG"; micalg="pgp-sha512"; protocol="application/pgp-signature" --nextPart3226106.QDZCmsiozG Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="UTF-8"; protected-headers="v1" From: Gerion Entrup Subject: Re: [FFmpeg-devel] [RFC] git and signing commits and tags Date: Tue, 09 Aug 2022 13:22:40 +0200 Message-ID: <3945817.inPcVpfQEU@gump> In-Reply-To: MIME-Version: 1.0 Hi, Am Montag, 8. August 2022, 21:26:52 CEST schrieb Lynne: > Aug 8, 2022, 16:50 by michael@niedermayer.cc: > > > Given the recent server issues, i wonder if we should suggest/recommand > > and document signing commits and tags > > > > i tried to push such commit to github and it nicely says "verified" > > https://github.com/michaelni/FFmpeg/commit/75f196acd16fb0c0ca7a94f0c66072e7c6f736bf > > > > Ive generated a new gpg key for this experiment as i dont have my > > main key on the box used for git development and also using more > > modern eliptic curve stuff (smaller keys & sigs) > > i will upload this key to the keyservers in case it becomes the > > one i use for git. > > > > I sign all of my commits, I think it should be recommended but > not required. > > One downside is that you can sign commits from others with your > own key (for instance when pushing a patch from someone along > with your commits, and signing all at once via rebase), which can be > misleading, so it takes some work to reorder commits or push them > in stages so this doesn't happen. It makes sense that it's the > committer who's signing it, but git or github don't make a distinction > when it comes to signing. Since Git is kind of a blockchain (it includes the hash of the predecessor commits) you technically sign the entire tree anyways not just the individual commit. Especially in a rebase, the original author signs the original commit hash (which changes in a rebase), so it is not possible to use the same signature again. But I understand that a direct mapping between author and singing person would be nice. For releases, I think that the attacker model is important. The typical scenario is that one clones the repository, than checkouts a tag and compiles FFmpeg. For that one wants to know that the code is not manipulated by a third party (a person not trusted by the FFmpeg project). If the last commit is signed then, the user know that they can trust the entire code. If they checkout a random commit that is not signed, they cannot be sure that the set of changes up to the next signed commit of an FFmpeg author comes from a person trusted by FFmpeg. But for that it doesn't matter which of the devs has signed the commit. So I think for end users a signed release commit is most valuable, individual commits are valuable, too, and it's important that the signature must always come from a person trusted by the FFmpeg project. Best, Gerion > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". > --nextPart3226106.QDZCmsiozG Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEEM/tVN9WpYYHnPZHxloeAdSYJHeoFAmLyQ4EACgkQloeAdSYJ HepaHAwAiCxltrIArvThfSjDeTv0YoMhvMwKAVnWRu3/uC/4l4AG4ugmpkT5xAhg z2fgsBPargMA3yhZ96BM7uB2Sde8t+j/3kOdrhnpIH1cTNJsRGYU5SwnV+y42HX6 7NsDVOGTadEA/br4TcFa1IaaZYLH24QIRQhSeAiczBVYsgFky7oxqn5hRiHSnZMd fporXLWSNhIoyrVxRYO8H5bQ2yg//1gKINWOgRxjvJGa3bx7GqFA49DU2kiVlXFR B1fDqmQaYb3pXseDRPfoVQcLf+1r9nM+f8tcKpS7slKpN3+kyi+fXUkG0ryT3ZXV hAtgVmGlPp2J9cD8QnNXUrDqknxjbvSoaJnraPtyr4Kl+g7PB+Dh34k4e4c5ExrW DED72PYUc7G3xyzcgsyvH5vAbNMIJE3TBcn5d042CBg7SOKClWMDFom0aSx5+PZR 7+QpF1hwFSIVQsTl7pmLEX4BqQYSrs8coDyf46evBhfI2xHIqTrrYz3+IJq+5pRb c7TVTAUw =esBq -----END PGP SIGNATURE----- --nextPart3226106.QDZCmsiozG-- --===============0335683167630803971== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". --===============0335683167630803971==--