gnuboot-patches
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Enable guix git authenticate to work.


From: Denis 'GNUtoo' Carikli
Subject: Re: Enable guix git authenticate to work.
Date: Mon, 7 Oct 2024 17:05:34 +0200

On Sat, 05 Oct 2024 12:07:06 +0200
Adrien 'neox' Bourmault <neox@gnu.org> wrote:
> Hi, thanks for the patchset. However, I don't see any sign-off in the
> messages, could you add that (since that's our usual procedure?).
I also forgot to add proper commit messages: there is 0 indication of
why we want 'guix git authenticate' inside the commits and the only
information we have (from the cover letter) is that it's "the easiest
way" to fix an issue (that is well described inside the cover letter),
and that would better fit inside the commits than inside a cover letter
(why below).

What happened is that I'm also working on a patch serie that would
improve the GNU Boot documentation and add I expect to add
documentation about 'guix git authenticate' there, and I've already
written text that explains to GNU Boot users (which also includes
contributors and maintainers) why we have 'guix git authenticate'
support.

But this single-patch-serie approach has a serious issue: It introduced
a circular dependency: we need to tell users which command to type to
verify the git repository, and this commands includes a git commit
hash. And we don't know the hash until one of the commits in this serie
(the guix-git-authenticate) is merged. So at the end I split the
single-patch-serie.

So the explanation is now lost in the cover letter and not anymore
inside the GNU Boot documentation.

Something is also missing from the documentation: why did we choose
this particular scheme over other things like 'git log
--show-signature', writing a script ourselves, using in-toto, etc.

Here a future maintainer (or even me in the future) only knows that
guix git authenticate' was chosen because it was 'the easiest way'
(from the cover letter) without further explanations.

So the fix here is that I also add the proper information in the git
commit of the 2 patches of this guix-git-authenticate serie and send a
v2, and also compare a bit 'guix git authenticate' to other solutions
and explain the possible tradeoffs.

After that I'll finish the documentation serie (I still need to run
some tests to find if there are still build issues or not).

PS: Your mail wasn't sent to the mailing list. I don't think it's
    necessary to forward the original to the mailing list as this one
    also includes your response (your mail only had your response +
    also quoted my cover letter).

Denis.

Attachment: pgpkehElw1VVN.pgp
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]