Re: ‘core-updates’ merge is a squashed commit

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ‘core-updates’ merge is a squashed commit

From:	Leo Famulari
Subject:	Re: ‘core-updates’ merge is a squashed commit
Date:	Thu, 4 Aug 2016 16:05:19 -0400
User-agent:	Mutt/1.6.0 (2016-04-01)

On Thu, Aug 04, 2016 at 06:55:34PM +0200, Andy Wingo wrote:
> On Thu 04 Aug 2016 18:44, Leo Famulari <address@hidden> writes:
> 
> > How would the rest of us distinguish between
> >
> > 1) a range of your commits with a signed HEAD
> > 2) a range of your commits with a signed HEAD that you pushed after I
> > pushed a commit created with `git commit --author="Andy Wingo"
> 
> I'm not sure what the threat model here is, and surely this is mostly
> because I am ignorant :)  Would you mind elaborating a bit more?

I admit, the example is really contrived.

My point is that, as far as I know, there is no way to know who exactly
is behind an unsigned Git commit.

The "Author" and "Commit" information seen in `git log --format=full` is
trivially forged, for example by altering the [user] field of your Git
configuration file.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: ‘core-updates’ merge is a squashed commit, (continued)

Prev by Date: How to get the package metadata as structured data?
Next by Date: Re: ‘core-updates’ merge is a squashed commit
Previous by thread: Re: ‘core-updates’ merge is a squashed commit
Next by thread: Re: ‘core-updates’ merge is a squashed commit
Index(es):
- Date
- Thread