Improving support for signed revisions
Lasse Kliemann
lasse-list-mercurial-2009 at mail.plastictree.net
Thu May 7 10:34:13 CDT 2009
* Message by -Martin Geisler- from Thu 2009-05-07:
[ GPG extension ]
> The extension is not about ensuring that author name in a changeset
> reflects whoever wrote the changeset. In Mercurial we sometimes update a
> patch received by email slightly before pushing it to the public
> repositories. The original submitter will still be credited with the
> changeset, even though we edited it too.
Will the original submitter be credited by putting his name in
the 'user' field of the revision (i.e., what will show up under
'user' in the commit log)? Maybe he is credited in the 'summary'
field instead.
In any case, I feel that there should be someone _responsible_
for the commit, and that person should be identifiable by some
cryptographic means.
> The gpg extension has another purpose: it lets you put a "stamp of
> approval" on certain changesets by digitally signing them.
>
> The signature is made on the revision hash, and people can then later
> verify these signatures. Having verified the signature, they can then
> update to the signed revision and trust the integrity of their clone.
>
>
> It is very important to note that the signature means exactly what I
> wrote above -- there is no other meaning attached to it unless the
> signer says so.
>
> People will, of course, generally sign changesets in order to indicate
> that they are trustworthy. It is common practice to sign the tagged
> changesets before making a release in order to tell the world that the
> signer trusts the code up to this point.
The desire to mark certain revisions as trustworthy gives
motivation for providing as many signatures as possible, in the
best case for each revision. He who wishes to provide a signature
for signalling trustworthiness might have a much easier job if he
can trust certain committers *and* he can trust that a commit
allegedly made by one of these trusted committers was in fact
made by that trusted committer.
I wonder how one could otherwise make sure that a revision is
trustworthy, unless one *in* *detail* (e.g., by looking at
all the diffs, line by line) checks each and every commit made
since the last trustworthiness signature.
> Extending the gpg extension to sign every commit in a more light-weight
> fashion would definitely be cool, but it hasn't been done yet.
Ok, maybe we can encourage some development in that direction. :-)
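
Added example, not part of the original message and not Mercurial's own code: a small model of why a signature made on one revision hash covers the whole history behind it, while the 'user' field stays free text that the hash only pins and does not authenticate. The node id formula (SHA-1 over the sorted parent ids plus the entry text) follows Mercurial's; the changeset layout is simplified, the sample history is constructed, and no GPG operation is performed.

```python
import hashlib

NULLID = b"\0" * 20  # parent id of a changeset that has no parent

def node_id(text, p1=NULLID, p2=NULLID):
    """Mercurial-style node id: SHA-1 over the two sorted parent ids, then the text."""
    a, b = sorted((p1, p2))
    return hashlib.sha1(a + b + text).digest()

def changeset_text(manifest, user, date, files, desc):
    """Simplified changeset entry (assumed layout): manifest id, user, date, files, description."""
    return "\n".join([manifest.hex(), user, date, *files, "", desc]).encode("utf-8")

def tip(commits):
    """Hex node id of the last changeset in a linear history of (content, user, desc)."""
    parent = NULLID
    for i, (content, user, desc) in enumerate(commits):
        manifest = node_id(content)  # stand-in for the real manifest node
        text = changeset_text(manifest, user, "%d 0" % (1241700000 + i), ["file.txt"], desc)
        parent = node_id(text, parent)  # each id commits to its parent's id
    return parent.hex()

def altered(commits, index, content=None, user=None):
    """Copy of the history with one changeset's content or user field replaced."""
    out = list(commits)
    c, u, d = out[index]
    out[index] = (c if content is None else content, u if user is None else user, d)
    return out

# Constructed sample history; names and addresses are made up.
HISTORY = [
    (b"v1\n", "Alice <alice@example.org>", "initial import"),
    (b"v2\n", "Bob <bob@example.org>", "patch received by email"),
    (b"v3\n", "Alice <alice@example.org>", "tag release"),
]

if __name__ == "__main__":
    signed = tip(HISTORY)  # the value a release signature would cover
    print("signed tip:        ", signed)
    print("old content edited:", tip(altered(HISTORY, 0, content=b"v1 changed\n")))
    print("user field edited: ", tip(altered(HISTORY, 1, user="Carol <carol@example.org>")))
```

Both edits produce a different tip id, so a signature verified against the original id would no longer match the altered clone; either 'user' string hashes equally well, which is why the id alone says nothing about who made the commit.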