1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
|
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <gubatron@gmail.com>) id 1XL9zG-0004lx-Jt
for bitcoin-development@lists.sourceforge.net;
Sat, 23 Aug 2014 12:00:02 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.216.52 as permitted sender)
client-ip=209.85.216.52; envelope-from=gubatron@gmail.com;
helo=mail-qa0-f52.google.com;
Received: from mail-qa0-f52.google.com ([209.85.216.52])
by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1XL9yp-00054s-UB
for bitcoin-development@lists.sourceforge.net;
Sat, 23 Aug 2014 12:00:01 +0000
Received: by mail-qa0-f52.google.com with SMTP id j15so10810761qaq.11
for <bitcoin-development@lists.sourceforge.net>;
Sat, 23 Aug 2014 04:59:24 -0700 (PDT)
X-Received: by 10.140.42.195 with SMTP id c61mr5952594qga.54.1408795164427;
Sat, 23 Aug 2014 04:59:24 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.86.37 with HTTP; Sat, 23 Aug 2014 04:59:04 -0700 (PDT)
In-Reply-To: <20140823061701.GQ22640@nl.grid.coop>
References: <CAJHLa0NXAYh9HzazN6gArUV8y7J8_G0oqkZqPBgibpW0wRNxKQ@mail.gmail.com>
<2302927.fMx0I5lQth@1337h4x0r> <20140823061701.GQ22640@nl.grid.coop>
From: Angel Leon <gubatron@gmail.com>
Date: Sat, 23 Aug 2014 07:59:04 -0400
Message-ID: <CADZB0_ZP0XN53u4Ye+KLcOLr3zhwAxhCYCycRNZ4kcTqZ770Og@mail.gmail.com>
To: Troy Benjegerdes <hozer@hozed.org>
Content-Type: multipart/alternative; boundary=001a113abef4564ba205014aaf28
X-Spam-Score: -0.6 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(gubatron[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1XL9yp-00054s-UB
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Reconsidering github
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sat, 23 Aug 2014 12:00:02 -0000
--001a113abef4564ba205014aaf28
Content-Type: text/plain; charset=UTF-8
I think this is the only project where people are concerened wether commit
messages are signed or not.
Commit messages should be merged only upon their correctness, not their
signature.
I could care less if I receive a buggy patch that's signed.
http://twitter.com/gubatron
On Sat, Aug 23, 2014 at 2:17 AM, Troy Benjegerdes <hozer@hozed.org> wrote:
> On Fri, Aug 22, 2014 at 09:20:11PM +0200, xor wrote:
> > On Tuesday, August 19, 2014 08:02:37 AM Jeff Garzik wrote:
> > > It would be nice if the issues and git repo for Bitcoin Core were not
> > > on such a centralized service as github, nice and convenient as it is.
> >
> > Assuming there is a problem with that usually is caused by using Git the
> wrong
> > way or not knowing its capabilities. Nobody can modify / insert a commit
> > before a GnuPG signed commit / tag without breaking the signature.
> > More detail at the bottom at [1], I am sparing you this here because I
> suspect
> > you already know it and there is something more important I want to
> stress:
> >
> > Bitcoin has currently 4132 forks on Github. This means that you can get
> > contributions by pull requests from 4132 developers. That is a HUGE
> amount,
> > and you shouldn't ditch that due to not using all features of git :)
> > To get a grasp of how much that is: When you search projects with more
> than
> > 4100 forks, there are only 32 of them!
> > You are one of the top open source projects, and you should be grateful
> for
> > that and keep Github up so the other people can send you pull requests
> with
> > their improvements :) Volunteer contributions need to be honored and
> made as
> > easy as possible, for people are investing their personal time.
> >
> > Greetings and thanks for your work,
> > xor, one developer of https://freenetproject.org
> >
> >
> > [1] If you GPG-sign a commit / tag, you sign its hash, including the
> hash of
> > the previous commit. So is a chain of hashes and thus of trust from all
> > commits up to what is signed. It's pretty similar to the blockchain
> actually
> > :)
> > So Github cannot modify anything. If they did, the head of the
> hash-chain
> > would change, and thus the signature would break. Git would notify people
> > about that when they pull.
> > Of course people can still ignore that warning and let Github rewrite
> their
> > Git history. But people who aren't educated about this shouldn't be
> release
> > managers. They should not even have push access to your main repository,
> they
> > should only be sending pull requests. Thats is where the
> decentralization of
> > Git is: In the pull-requests. The people who deal with them should
> verify tag
> > and possibly even commit signatures carefully, and not accept anything
> which
> > is not signed. Also, before deploying a binary, the very same commit
> which is
> > going to become a binary has to be given a signed tag by the release
> manager,
> > and by everyone who reviews the code. The person who deploys the actual
> binary
> > needs to verify that signature.
> > There is an article which elaborates on some of the ways you have to
> ensure
> > Github doesn't insert malicious code - but please read it with care,
> some of
> > its recommendations are bad, especially the part where its about rebasing
> > because that DOES rewrite history which is what you want to prevent:
> > http://mikegerwitz.com/papers/git-horror-story
> >
> >
>
>
> This is why I clone git to mercurial, which is generally designed around
> the
> assumption that history is immutable. You can't rewrite blockchain history,
> and we should not be re-writing (rebasing) commit history either.
>
> The problem with github is it's too tempting to look at the *web page*,
> which
> is NOT pgp-signed, and hit the 'approve' button when you might have someone
> in the middle approving an unsigned changeset because you're in a hurry to
> get the latest new critical OpenSSL 0day security patch build released.
>
> We need multiple redundant 'master' repositories run by different people in
> different jurisdictions that get updated on different schedules, and have
> all
> of these people pay attention to operational security, and not just
> outsource
> it all to github because it's convenient.
>
>
> There's no reason to *stop* using github, cause it *is* easy... but you
> want
> to have multiple review of *the actual code*, not just signatures and see
> if the changes really do make sense.
>
> --
>
> ----------------------------------------------------------------------------
> Troy Benjegerdes 'da hozer'
> hozer@hozed.org
> 7 elements earth::water::air::fire::mind::spirit::soul
> grid.coop
>
> Never pick a fight with someone who buys ink by the barrel,
> nor try buy a hacker who makes money by the megahash
>
>
>
> ------------------------------------------------------------------------------
> Slashdot TV.
> Video for Nerds. Stuff that matters.
> http://tv.slashdot.org/
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
--001a113abef4564ba205014aaf28
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">I think this is the only project where people are conceren=
ed wether commit messages are signed or not.<br><br>Commit messages should =
be merged only upon their correctness, not their signature.<br><br>I could =
care less if I receive a buggy patch that's signed.</div>
<div class=3D"gmail_extra"><br clear=3D"all"><div><a href=3D"http://twitter=
.com/gubatron" target=3D"_blank">http://twitter.com/gubatron</a><br></div>
<br><br><div class=3D"gmail_quote">On Sat, Aug 23, 2014 at 2:17 AM, Troy Be=
njegerdes <span dir=3D"ltr"><<a href=3D"mailto:hozer@hozed.org" target=
=3D"_blank">hozer@hozed.org</a>></span> wrote:<br><blockquote class=3D"g=
mail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-l=
eft:1ex">
<div class=3D"HOEnZb"><div class=3D"h5">On Fri, Aug 22, 2014 at 09:20:11PM =
+0200, xor wrote:<br>
> On Tuesday, August 19, 2014 08:02:37 AM Jeff Garzik wrote:<br>
> > It would be nice if the issues and git repo for Bitcoin Core were=
not<br>
> > on such a centralized service as github, nice and convenient as i=
t is.<br>
><br>
> Assuming there is a problem with that usually is caused by using Git t=
he wrong<br>
> way or not knowing its capabilities. Nobody can modify / insert a comm=
it<br>
> before a GnuPG signed commit / tag without breaking the signature.<br>
> More detail at the bottom at [1], I am sparing you this here because I=
suspect<br>
> you already know it and there is something more important I want to st=
ress:<br>
><br>
> Bitcoin has currently 4132 forks on Github. This means that you can ge=
t<br>
> contributions by pull requests from 4132 developers. That is a HUGE am=
ount,<br>
> and you shouldn't ditch that due to not using all features of git =
:)<br>
> To get a grasp of how much that is: When you search projects with more=
than<br>
> 4100 forks, there are only 32 of them!<br>
> You are one of the top open source projects, and you should be gratefu=
l for<br>
> that and keep Github up so the other people can send you pull requests=
with<br>
> their improvements :) Volunteer contributions need to be honored and m=
ade as<br>
> easy as possible, for people are investing their personal time.<br>
><br>
> Greetings and thanks for your work,<br>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0xor, one developer of <a href=3D"https://fre=
enetproject.org" target=3D"_blank">https://freenetproject.org</a><br>
><br>
><br>
> [1] If you GPG-sign a commit / tag, you sign its hash, including the h=
ash of<br>
> the previous commit. So is a chain of hashes and thus of trust from al=
l<br>
> commits up to what is signed. It's pretty similar to the blockchai=
n actually<br>
> :)<br>
> So Github cannot modify anything. If they did,=C2=A0 the head of the h=
ash-chain<br>
> would change, and thus the signature would break. Git would notify peo=
ple<br>
> about that when they pull.<br>
> Of course people can still ignore that warning and let Github rewrite =
their<br>
> Git history. But people who aren't educated about this shouldn'=
;t be release<br>
> managers. They should not even have push access to your main repositor=
y, they<br>
> should only be sending pull requests. Thats is where the decentralizat=
ion of<br>
> Git is: In the pull-requests. The people who deal with them should ver=
ify tag<br>
> and possibly even commit signatures carefully, and not accept anything=
which<br>
> is not signed. Also, before deploying a binary, the very same commit w=
hich is<br>
> going to become a binary has to be given a signed tag by the release m=
anager,<br>
> and by everyone who reviews the code. The person who deploys the actua=
l binary<br>
> needs to verify that signature.<br>
> There is an article which elaborates on some of the ways you have to e=
nsure<br>
> Github doesn't insert malicious code - but please read it with car=
e, some of<br>
> its recommendations are bad, especially the part where its about rebas=
ing<br>
> because that DOES rewrite history which is what you want to prevent:<b=
r>
> <a href=3D"http://mikegerwitz.com/papers/git-horror-story" target=3D"_=
blank">http://mikegerwitz.com/papers/git-horror-story</a><br>
><br>
><br>
<br>
<br>
</div></div>This is why I clone git to mercurial, which is generally design=
ed around the<br>
assumption that history is immutable. You can't rewrite blockchain hist=
ory,<br>
and we should not be re-writing (rebasing) commit history either.<br>
<br>
The problem with github is it's too tempting to look at the *web page*,=
which<br>
is NOT pgp-signed, and hit the 'approve' button when you might have=
someone<br>
in the middle approving an unsigned changeset because you're in a hurry=
to<br>
get the latest new critical OpenSSL 0day security patch build released.<br>
<br>
We need multiple redundant 'master' repositories run by different p=
eople in<br>
different jurisdictions that get updated on different schedules, and have a=
ll<br>
of these people pay attention to operational security, and not just outsour=
ce<br>
it all to github because it's convenient.<br>
<br>
<br>
There's no reason to *stop* using github, cause it *is* easy... but you=
want<br>
to have multiple review of *the actual code*, not just signatures and see<b=
r>
if the changes really do make sense.<br>
<div class=3D"im HOEnZb"><br>
--<br>
---------------------------------------------------------------------------=
-<br>
Troy Benjegerdes=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0'da hozer'=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 <a href=3D"mailto:hozer@hozed.org">hozer@hozed.org</a><br>
7 elements=C2=A0 =C2=A0 =C2=A0 earth::water::air::fire::mind::spirit::soul=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 <a href=3D"http://grid.coop" target=3D"_blank">=
grid.coop</a><br>
<br>
=C2=A0 =C2=A0 =C2=A0 Never pick a fight with someone who buys ink by the ba=
rrel,<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0nor try buy a hacker who makes money by t=
he megahash<br>
<br>
<br>
</div><div class=3D"im HOEnZb">--------------------------------------------=
----------------------------------<br>
Slashdot TV.<br>
Video for Nerds.=C2=A0 Stuff that matters.<br>
<a href=3D"http://tv.slashdot.org/" target=3D"_blank">http://tv.slashdot.or=
g/</a><br>
</div><div class=3D"HOEnZb"><div class=3D"h5">_____________________________=
__________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
</div></div></blockquote></div><br></div>
--001a113abef4564ba205014aaf28--
|
