[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNUnet-developers] Updating my git work-in-progess branch?

From: Florian Dold
Subject: Re: [GNUnet-developers] Updating my git work-in-progess branch?
Date: Tue, 19 Mar 2019 23:23:54 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.3

On 3/19/19 6:55 PM, Christian Grothoff wrote:
> On 3/16/19 10:32 PM, Florian Dold wrote:
>> The model of "nobody should push to master" is great if you have the
>> right tooling on the server, but breaks GPG signing of commits by the
>> author, AFAICT.
> Hmm. Are you sure? I understand that sometimes merging and rebasing
> requires re-signing, but I'm not 100% clear on which operations the CI
> would require, and if it is possible to do it with a subset which may
> not require re-signing. Breaking the GPG signing would be a major loss
> indeed.

Yes.  Let's say I commit a change (and my commit references the last
head X).  Then you make a change at the same time on your branch, for
simplicity also based on the last commit X.

Then we both tell the CI bot to "please apply my changes to master".
Then for my change that will work (if it's picked first), but your
commit must be changed to have my commit as the parent, which destroys
your signature.

Alternatively, the CI bot can create merge-commits.  This preserves both
our signatures, but then the CI bot needs to make a signature for the
merge commit itself, and additionally there are lots of merge commits,
making the history (IMHO) ugly.  Furthermore, all these merge commits
make it hard to back out changes, since creating a reverse commit for a
merge commit in git creates all kinds of problems.

> Sure, and I'm also fine with allowing people to delete branches as long
> as they are scoped to their prefix, i.e. flo deleting the
> wip-flo-branches should be fine. (ng0: you suggested a nicer naming
> convention, that's also fine with me).
> If someone knows how to encode this in the Gitolite config, please go
> ahead and just do it ;-).

I've done this for, using the VREF feature of gitolite.

You're in the "admin" group, so it won't affect you.  But for a normal
$user, they can now only force-push or delete branches of the form


from now on :-)

Every normal user can still *create* arbitrary branches, but can't
delete them.  Not sure if that's the best policy, but it can be
trivially changed in the config to only allow admins to create new
non-"dev/..." branches.

- Florian

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]