[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ‘core-updates’ is gone; long live ‘core-packages-team’!
From: |
Leo Famulari |
Subject: |
Re: ‘core-updates’ is gone; long live ‘core-packages-team’! |
Date: |
Fri, 6 Sep 2024 14:06:37 -0400 |
On Fri, Sep 06, 2024 at 10:44:54AM -0700, Vagrant Cascadian wrote:
> Is it just me, or is rebasing branches disconcerting, as it likely means
> the person signing the commit is not necessarily the original person
> pushing the commit? This is worst for the now deprecated core-updates
> branch with many rebased commits... are people still updating the
> signed-off-by tags or whatnot?
In Guix, the "signed-off-by" tag gives credit to the reviewer of the
patch, but doesn't indicate anything about authority to push to
guix.git.
In all cases, a commit that is pushed to guix.git will be signed by an
authorized committer. The signature system ensures that.
If we are concerned about long-running branches being rebased and
commits losing their "original" signatures, I think it's not really
something to worry about. That's because the signature *only* tells us
that that the commit was signed by someone who is authorized, and it
tells us *nothing* else. The code-signing authorization is extremely
limited in scope. It doesn't tell us that the code works, is freely
licensed, is not malicious, etc. So, it doesn't matter who signs a
commit, as long as it is signed by an authorized person.
Does this respond to your concerns? Or have I misunderstood?
- Re: ‘core-updates’ is gone; long live ‘core-packages-team’!, (continued)
- Re: ‘core-updates’ is gone; long live ‘core-packages-team’!, Simon Tournier, 2024/09/04
- Re: ‘core-updates’ is gone; long live ‘core-packages-team’!, Vagrant Cascadian, 2024/09/06
- Re: ‘core-updates’ is gone; long live ‘core-packages-team’!,
Leo Famulari <=
- Rebasing commits and re-signing before mergeing (Was: ‘core-updates’ is gone; long live ‘core-packages-team’!), Vagrant Cascadian, 2024/09/06
- Re: Rebasing commits and re-signing before mergeing (Was: ‘core-updates’ is gone; long live ‘core-packages-team’!), Leo Famulari, 2024/09/07
- Re: Rebasing commits and re-signing before mergeing (Was: ‘core-updates’ is gone; long live ‘core-packages-team’!), Vagrant Cascadian, 2024/09/07
- Re: ‘core-updates’ is gone; long live ‘core-packages-team’!, Christopher Baines, 2024/09/06
- Naming “build train” instead of “merge train”?, Simon Tournier, 2024/09/09