Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262499AbVDYDHF (ORCPT ); Sun, 24 Apr 2005 23:07:05 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262497AbVDYDHF (ORCPT ); Sun, 24 Apr 2005 23:07:05 -0400 Received: from aibo.runbox.com ([193.71.199.94]:35243 "EHLO cujo.runbox.com") by vger.kernel.org with ESMTP id S262494AbVDYDGl (ORCPT ); Sun, 24 Apr 2005 23:06:41 -0400 Message-ID: <426C5F43.8010705@dwheeler.com> Date: Sun, 24 Apr 2005 23:08:51 -0400 From: "David A. Wheeler" Reply-To: dwheeler@dwheeler.com User-Agent: Mozilla Thunderbird 1.0.2-1.3.2 (X11/20050324) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Linus Torvalds CC: Paul Jakma , Sean , Thomas Glanzmann , David Woodhouse , Jan Dittmer , Greg KH , Kernel Mailing List , Git Mailing List Subject: Re: Git-commits mailing list feed. References: <200504210422.j3L4Mo8L021495@hera.kernel.org> <42674724.90005@ppp0.net> <20050422002922.GB6829@kroah.com> <426A4669.7080500@ppp0.net> <1114266083.3419.40.camel@localhost.localdomain> <426A5BFC.1020507@ppp0.net> <1114266907.3419.43.camel@localhost.localdomain> <20050423175422.GA7100@cip.informatik.uni-erlangen.de> <2911.10.10.10.24.1114279589.squirrel@linux1> <426C4168.6030008@dwheeler.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 3627 Lines: 73 Linus Torvalds wrote: > > On Sun, 24 Apr 2005, David A. Wheeler wrote: > >>It may be better to have them as simple detached signatures, which are >>completely separate files (see gpg --detached). > > Actually, if we do totally separate files, then the detached thing is ok, > and we migth decide to not call the objects at all, since that seems to be > unnecessarily complex. > > Maybe we'll just have signed tags by doing exactly that: just a collection > of detached signature files. The question becomes one of how to name such > things in a distributed tree. That is the thing that using an object for > them would have solved very naturally. I agree, naming signatures using the same way other objects are named would be very clean. So, why not? It's perfectly reasonable to just store detached signatures as hashed objects, just like the rest; just create a new object type ("signature"). If 3 different keys are used to sign the same object, the detached signatures will have different hash values, so they'll get named easily. Now you just have to FIND the signature of a signed object, i.e. efficiently go the "other way" from signed object to detached signature. A separate directory with this mapping, or embedding the mapping inside the object directory (HASH.d/) both solve it. The more I think about it, the more I think a separate "reverse" index directory would be a better idea. It just needs to from "me" to "who references me", at least so that you can quickly find all signatures of a given object. If the reverse directory gets wonky, anyone can just delete the reverse index directory at any time & reconstruct it by iterating the objects. Before "-----BEGIN PGP SIGNATURE-----" you should add: signatureof HASHVALUE to make reconstruction easy; PGP processors ignore stuff before "-----". The PGP data does include a hash, but it's not easy to get it out (I don't see a way to do it in gpg from the command line), and it's quite possible that a signer won't use SHA-1 when they sign something (they may not even realize it; it depends on their implementation's configuration). Better to include something about what was signed with the signature. Hmm, probably worth backtracking to see what's needed. There needs to be a way to identify tags, and a way to sign that tag so that you can decide to trust some tags & not others. There needs to be a way to sign commits, and store that info for later. And really, these are special cases of general assertions about other things; you might want someone to be able to make other signed assertions (e.g., that it passed test suite XYZ). If tags & commits are all you plan to sign for now, well, you already have commits. You can just add a "tag" type and a "signature" type of object (the "signature" is just a detached OpenPGP signature). "signature" can sign tag or commit types. I still like the idea of a more general "assertion" type, esp. for assertions that something passed a test suite on a certain date or was reviewed at a certain date by someone, but admittedly that could be added later in the same manner. Then you need to be able to quickly find a signature, given a commit or tag. A "reverse" directory then does that nicely, and if you put enough information in front of the signature, you can regenerate the reverse directory whenever you wish. --- David A. Wheeler - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/