From: Santiago Torres <santi...@nyu.edu>
Hello everyone,
In a previous thread [1] we discussed about the possibility of having a
--check-name flag, for the tag-verify command (and possibly git tag -v).
Although many points were in the table, I don't think that it was
conclusive as to w
From: Santiago Torres <santi...@nyu.edu>
The verify tag function converts the commit sha1 to hex and passes it as
a command-line argument to builtin/verify-tag. Given that builtin/verify-tag
already resolves the ref name sha1 equivalent, the sha1 to
hex_sha1 conversion is unnecessary and t
From: Santiago Torres <santi...@nyu.edu>
Instead of running the verify-tag plumbing command, we use the
gpg_verify_tag() function within the verify_tag function to avoid doing
an additional fork call.
Signed-off-by: Santiago Torres <santi...@nyu.edu>
---
builtin/tag.c | 8 +---
From: Santiago Torres <santi...@nyu.edu>
The run_gpg_verify function has two variables size, and len. This may
come off as confusing when reading the code. We clarify which one
pertains to the length of the tag headers by renaming len to
payload_length.
Signed-off-by: Santiago Torres
From: Santiago Torres <santi...@nyu.edu>
This change is meant to prepare verify_tag for libification. Many
existing modules/commands already do the refname to sha1 resolution, so
should avoid resolving the refname twice. To avoid breaking
builtin/verify-tag, we move the refname resolution o
From: Santiago Torres <santi...@nyu.edu>
The verify_signed_buffer comand might cause a SIGPIPE signal when the
gpg child process terminates early (due to a bad keyid, for example) and
git tries to write to it afterwards. Previously, ignoring SIGPIPE was
done on the builtin/verify-tag.c c
From: Santiago Torres <santi...@nyu.edu>
The verify-tag command supports multiple tag names as an argument.
However, existing tests only test for invocation with a single tag, so
we add a test invoking with multiple tags.
Helped-by: Jeff King <p...@peff.net>
Signed-off-by: Santiago T
From: Santiago Torres <santi...@nyu.edu>
The PGP verification routine for tags could be accessed by other
commands that require it. We do this by moving it to the common tag.c
module. We rename the verify_tag() function to gpg_verify_tag() to avoid
conflicts with the mktag.c function.
Sign
From: Santiago Torres <santi...@nyu.edu>
v5 (this):
Added helpful feedback by Eric
* Reordering of the patches, to avoid temporal inclusion of a regression
* Fix typos here and there.
* Review commit messages, as some weren't representative of what the patches
were doing a
From: Santiago Torres <torresari...@gmail.com>
The verify tag function is just a thin wrapper around the verify-tag
command. We can avoid one fork call by doing the verification instide
the tag builtin instead.
Signed-off-by: Santiago Torres <santi...@nyu.edu>
---
builti
From: Santiago Torres <santi...@nyu.edu>
The verify tag function is just a thin wrapper around the verify-tag
command. We can avoid one fork call by doing the verification inside
the tag builtin instead.
To do this, the run_pgp_verify() and verify_tag() functions are moved to
From: Santiago Torres <santi...@nyu.edu>
The verify-tag command supports mutliple tag names as an argument.
However, no previous tests try to verify multiple tags at once. This
test runs the verify-tag command against three trusted tags (created
previously), and ensures that:
1)
From: Santiago Torres <santi...@nyu.edu>
Instead of running the verify-tag plumbing command, we use the
pgp_verify_tag(). This avoids the usage of an extra fork call. To do
this, we extend the number of parameters that tag.c takes, and
verify-tag passes. Redundant calls done in the pgp_veri
From: Santiago Torres <santi...@nyu.edu>
The PGP verification routine for tags could be accessed by other
commands that require it. We do this by moving it to the common tag.c
code. We rename the verify_tag() function to pgp_verify_tag() to avoid
conflicts with the mktag.c function.
Sign
From: Santiago Torres <santi...@nyu.edu>
The verify_signed_buffer comand might cause a SIGPIPE signal when the
gpg child process terminates early (due to a bad keyid, for example) and
git tries to write to it afterwards. Previously, ignoring SIGPIPE was
done on the builtin/gpg-verify.c c
in verify-tag to gpg-interface
v1:
The verify tag function is just a thin wrapper around the verify-tag
command. We can avoid one fork call by doing the verification inside
the tag builtin instead.
This applies on v2.8.0.
Thanks!
-Santiago
[1]
http://git.661346.n2.nabble.com/PATCH-RFC-builtin
From: Santiago Torres <santi...@nyu.edu>
The verify_signed_buffer comand might cause a SIGPIPE signal when the
gpg child process terminates early (due to a bad keyid, for example) and
git tries to write to it afterwards. Previously, ignoring SIGPIPE was
done on the builtin/verify-tag.c c
From: Santiago Torres <santi...@nyu.edu>
The gpg_verify_tag function resolves the ref for any existing object.
However, git tag -v resolves to only tag-refs. We can provide support
for sha1 by moving the refname resolution code out of gpg_verify_tag and
allow for the object's sha1 as an ar
is just a thin wrapper around the verify-tag
command. We can avoid one fork call by doing the verification inside
the tag builtin instead.
This applies on v2.8.0.
Thanks!
-Santiago
[1]
http://git.661346.n2.nabble.com/PATCH-RFC-builtin-tag-c-move-PGP-verification-inside-builtin-td7651529.html
From: Santiago Torres <santi...@nyu.edu>
Instead of running the verify-tag plumbing command, we use the
pgp_verify_tag(). This avoids the usage of an extra fork call. To do
this, we extend the number of parameters that tag.c takes, and
verify-tag passes. Redundant calls done in the pgp_veri
From: Santiago Torres <santi...@nyu.edu>
The verify-tag command supports mutliple tag names as an argument.
However, no previous tests try to verify multiple tags at once. This
test runs the verify-tag command against three tags separately and then
compares the result against the invo
From: Santiago Torres <santi...@nyu.edu>
The PGP verification routine for tags could be accessed by other
commands that require it. We do this by moving it to the common tag.c
code. We rename the verify_tag() function to gpg_verify_tag() to avoid
conflicts with the mktag.c function.
Sign
From: Santiago Torres <santi...@nyu.edu>
The run_gpg_verify function has two variables size, and len. This may
come off as confusing when reading the code. We clarify which one
pertains to the length of the tag headers by renaming len to
payload_length.
Signed-off-by: Santiago Torres
From: Santiago Torres <santi...@nyu.edu>
The verify_signed_buffer() function may trigger a SIGPIPE when the
GPG child process terminates early (due to a bad keyid, for example)
and Git tries to write to it afterwards. Previously, ignoring
SIGPIPE was done in builtin/verify-tag.c to
From: Santiago Torres <santi...@nyu.edu>
The verify-tag command supports multiple tag names to verify, but
existing tests only test for invocation with a single tag.
Add a test invoking it with multiple tags.
Helped-by: Jeff King <p...@peff.net>
Signed-off-by: Santiago Torres <s
From: Santiago Torres <santi...@nyu.edu>
The current interface of verify_tag() resolves reference names to SHA1,
however, the plan is to make this functionality public and the current
interface is cumbersome for callers: they are expected to supply the
textual representation of a sha1/r
From: Santiago Torres <santi...@nyu.edu>
The run_gpg_verify() function has two variables, size and len.
This may come off as confusing when reading the code. Clarify which one
pertains to the length of the tag headers by renaming len to
payload_size. Additionally, change the type of payloa
From: Santiago Torres <santi...@nyu.edu>
This is a follow up of [1], [2], [3], [4], [5], [6], and [7]. patches 1/6,
2/6, and 3/6, are the same as the corresponding commits in pu.
v8:
Minor nits, I decided to quickly reroll to drop the extern qualifier in tag.c:
* Eric pointed out t
From: Santiago Torres <santi...@nyu.edu>
Instead of having tag -v fork to run verify-tag, use the
gpg_verify_tag() function directly.
Helped-by: Eric Sunshine <sunsh...@sunshineco.com>
Signed-off-by: Santiago Torres <santi...@nyu.edu>
---
builtin/tag.c | 8 +---
1 file ch
From: Santiago Torres <santi...@nyu.edu>
The PGP verification routine for tags could be accessed by other modules
that require to do so.
Publish the verify_tag function in tag.c and rename it to gpg_verify_tag
so it does not conflict with builtin/mktag's static function.
Helped-by: J
From: Santiago Torres <santi...@nyu.edu>
Instead of having tag -v fork to run verify-tag, use the
gpg_verify_tag() function directly.
Helped-by: Eric Sunshine <sunsh...@sunshineco.com>
Signed-off-by: Santiago Torres <santi...@nyu.edu>
---
builtin/tag.c | 8 +---
1 file ch
From: Santiago Torres <santi...@nyu.edu>
The run_gpg_verify() function has two variables, size and len.
This may come off as confusing when reading the code. Clarify which one
pertains to the length of the tag headers by renaming len to
payload_size. Additionally, change the type of payloa
From: Santiago Torres <santi...@nyu.edu>
This is a follow up of [1], [2], [3], [4], [5], [6]. patches 1/6, 2/6, are the
same as the corresponding commits in pu.
v7:
Mostly style/clarity changes mostly. Thanks Peff, Eric and Junio for the
feedback! In summary:
* Eric pointed out issues
From: Santiago Torres <santi...@nyu.edu>
The verify-tag command supports multiple tag names to verify, but
existing tests only test for invocation with a single tag.
Add a test invoking it with multiple tags.
Helped-by: Jeff King <p...@peff.net>
Signed-off-by: Santiago Torres <s
From: Santiago Torres <santi...@nyu.edu>
The verify_signed_buffer() function may trigger a SIGPIPE when the
GPG child process terminates early (due to a bad keyid, for example)
and Git tries to write to it afterwards. Previously, ignoring
SIGPIPE was done in builtin/verify-tag.c to
From: Santiago Torres <santi...@nyu.edu>
The current interface of verify_tag() resolves reference names to SHA1,
however, the plan is to make this functionality public and the current
interface is cumbersome for callers: they are expected to supply the
textual representation of a sha1/r
From: Santiago Torres <santi...@nyu.edu>
The PGP verification routine for tags could be accessed by other modules
that require to do so.
Publish the verify_tag function in tag.c and rename it to gpg_verify_tag
so it does not conflict with builtin/mktag's static function.
Helped-by: J
From: Santiago Torres <santi...@nyu.edu>
The verify-tag command supports multiple tag names to verify, but
existing tests only test for invocation with a single tag.
Add a test invoking it with multiple tags.
Helped-by: Jeff King <p...@peff.net>
Signed-off-by: Santiago Torres <s
From: Santiago Torres <santi...@nyu.edu>
The current interface of verify_tag() resolves reference names to SHA1,
which might be redundant as future callers may resolve the refname to
SHA1 beforehand.
Add a SHA1 parameter to use instead of the name parameter. We also
replace the name ar
From: Santiago Torres <santi...@nyu.edu>
tag -v forks into verify-tag, which only calls gpg_verify_tag().
Instead of forking to verify-tag, call gpg_verify_tag directly().
Helped-by: Eric Sunshine <sunsh...@sunshineco.com>
Signed-off-by: Santiago Torres <santi...@nyu.edu>
---
From: Santiago Torres <santi...@nyu.edu>
This is a follow up of [1], [2], [3], [4], and [5]. patches 1/6, 2/6 and 3/6
are the same as the corresponding commits in pu.
v6:
* As Junio suggested, updated 4/6, to include the name argument and the
ternary operator to provide more descr
From: Santiago Torres <santi...@nyu.edu>
The verify_signed_buffer() function may trigger a SIGPIPE when the
GPG child process terminates early (due to a bad keyid, for example)
and Git tries to write to it afterwards. Previously, ignoring
SIGPIPE was done in builtin/verify-tag.c to
From: Santiago Torres <santi...@nyu.edu>
The run_gpg_verify() function has two variables, size and len.
This may come off as confusing when reading the code. Clarify which
one pertains to the length of the tag headers by renaming len to
payload_length.
Signed-off-by: Santiago Torres
From: Santiago Torres <santi...@nyu.edu>
The PGP verification routine for tags could be accessed by other modules
that require to do so.
Publish the verify_tag function in tag.c and rename it to gpg_verify_tag
so it does not conflict with builtin/mktag's static function.
Helped-by: J
From: Lukas Puehringer
ref-filter functions are useful for printing git object information
using a format specifier. However, some other modules may not want to use
this functionality on a ref-array but only print a single item.
Expose a pretty_print_ref function to
From: Lukas Puehringer
Adding --format to git tag -v mutes the default output of the GPG
verification and instead prints the formatted tag object.
This allows callers to cross-check the tagname from refs/tags with
the tagname from the tag object header upon GPG
From: Lukas Puehringer
Functions that print git object information may require that the
gpg-interface functions be silent. Add GPG_VERIFY_QUIET flag and prevent
print_signature_buffer from being called if flag is set.
Signed-off-by: Lukas Puehringer
From: Santiago Torres <santi...@nyu.edu>
Verify-tag now provides --format specifiers to inspect and ensure the
contents of the tag are proper. We add two tests to ensure this
functionality works as expected: the return value should indicate if
verification passed, and the format specifier
From: Santiago Torres <santi...@nyu.edu>
tag -v now supports --format specifiers to inspect the contents of a tag
upon verification. Add two tests to ensure this behavior is respected in
future changes.
Signed-off-by: Santiago Torres <santi...@nyu.edu>
---
t/t7004
From: Santiago Torres <santi...@nyu.edu>
This is the fifth iteration of [1][2][3][4], and as a result of the
discussion in [5]. The main goal of this patch series is to bring
--format to git tag verification so that upper-layer tools can inspect
the content of a tag and make decisions
From: Lukas Puehringer
Calling functions for gpg_verify_tag() may desire to print relevant
information about the header for further verification. Add an optional
format argument to print any desired information after GPG verification.
Signed-off-by: Lukas Puehringer
From: Santiago Torres <santi...@nyu.edu>
Callers of verify-tag may want to cross-check the tagname from refs/tags
with the tagname from the tag object header upon GPG verification. This
is to avoid tag refs that point to an incorrect object.
Add a --format parameter to git verify-tag to
From: Lukas Puehringer
Adding --format to git tag -v mutes the default output of the GPG
verification and instead prints the formatted tag object.
This allows callers to cross-check the tagname from refs/tags with
the tagname from the tag object header upon GPG
From: Santiago Torres <santi...@nyu.edu>
Callers of verify-tag may want to cross-check the tagname from refs/tags
with the tagname from the tag object header upon GPG verification. This
is to avoid tag refs that point to an incorrect object.
Add a --format parameter to git verify-tag to
From: Lukas Puehringer
Functions that print git object information may require that the
gpg-interface functions be silent. Add GPG_VERIFY_OMIT_STATUS flag and
prevent print_signature_buffer from being called if flag is set.
Signed-off-by: Lukas Puehringer
From: Lukas Puehringer
ref-filter functions are useful for printing git object information
using a format specifier. However, some other modules may not want to use
this functionality on a ref-array but only print a single item.
Expose a pretty_print_ref function to
From: Santiago Torres <santi...@nyu.edu>
tag -v now supports --format specifiers to inspect the contents of a tag
upon verification. Add two tests to ensure this behavior is respected in
future changes.
Signed-off-by: Santiago Torres <santi...@nyu.edu>
---
t/t7004
From: Santiago Torres <santi...@nyu.edu>
Verify-tag now provides --format specifiers to inspect and ensure the
contents of the tag are proper. We add two tests to ensure this
functionality works as expected: the return value should indicate if
verification passed, and the format specifier
From: Santiago Torres <santi...@nyu.edu>
This is the sixth iteration of [1][2][3][4][5], and as a result of the
discussion in [5]. The main goal of this patch series is to bring
--format to git tag verification so that upper-layer tools can inspect
the content of a tag and make decisions
From: Lukas Puehringer
Calling functions for gpg_verify_tag() may desire to print relevant
information about the header for further verification. Add an optional
format argument to print any desired information after GPG verification.
Signed-off-by: Lukas Puehringer
From: Santiago Torres <santi...@nyu.edu>
Callers of verify-tag may want to cross-check the tagname from refs/tags
with the tagname from the tag object header upon GPG verification. This
is to avoid tag refs that point to an incorrect object.
Add a --format parameter to git verify-tag to
From: Lukas Puehringer
Functions that print git object information may require that the
gpg-interface functions be silent. Add GPG_VERIFY_QUIET flag and prevent
print_signature_buffer from being called if flag is set.
Signed-off-by: Lukas Puehringer
From: Lukas Puehringer
ref-filter functions are useful for printing git object information
using a format specifier. However, some other modules may not want to use
this functionality on a ref-array but only print a single item.
Expose a pretty_print_ref function to
From: Lukas Puehringer
Adding --format to git tag -v mutes the default output of the GPG
verification and instead prints the formatted tag object.
This allows callers to cross-check the tagname from refs/tags with
the tagname from the tag object header upon GPG
From: Santiago Torres <santi...@nyu.edu>
tag -v now supports --format specifiers to inspect the contents of a tag
upon verification. Add two tests to ensure this behavior is respected in
future changes.
Signed-off-by: Santiago Torres <santi...@nyu.edu>
---
t/t7004
From: Santiago Torres <santi...@nyu.edu>
This is the fourth iteration of the series in [1][2][3], which comes as a
result of the discussion in [4]. The main goal of this patch series is to bring
--format to git tag verification so that upper-layer tools can inspect the
content of a tag an
From: Santiago Torres <santi...@nyu.edu>
Verify-tag now provides --format specifiers to inspect and ensure the
contents of the tag are proper. We add two tests to ensure this
functionality works as expected: the return value should indicate if
verification passed, and the format specifier
From: Santiago Torres <santi...@nyu.edu>
Hello everyone,
This is a followup on [1]. There we discussed what would be the best way
to provide automated scripts with mechanisms to inspect the contents of
a tag upon verification.
We struggled a little bit with how to make this fit the curre
From: Lukas P
Adding --format to git tag -v mutes the default output of the GPG
verification and instead prints the formatted tag object.
This allows callers to cross-check the tagname from refs/tags with
the tagname from the tag object header upon GPG verification.
From: Lukas P
Ref-filter functions are useful for printing git object information
without a format specifier. However, some functions may not want to use
a complete ref-array, and just a single item instead. Expose
create/show/free functions for ref_array_items through
From: Lukas P
Calling functions for gpg_verify_tag() may desire to print relevant
information about the header for further verification. Add an optional
format argument to print any desired information after GPG verification.
Signed-off-by: Lukas Puehringer
From: Santiago Torres <santi...@nyu.edu>
The format specifier will be likely used in other functions throughout
git tag. One likely candidate to require format strings in the future is
the gpg_verify_tag function. However, changing the signature of
functions such as for_each_ref or veri
From: Lukas P
Functions that print git object information may require that the
gpg-interface functions be silent. Add a GPG_VERIFY_QUIET to prevent
functions such as `print_signature_buffer` from printing any output and
only return whether signature verification passed
From: Santiago Torres <santi...@nyu.edu>
Callers of verify-tag may want to cross-check the tagname from refs/tags
with the tagname from the tag object header upon GPG verification. This
is to avoid tag refs that point to an incorrect object.
Add a --format parameter to git verify-tag to
From: Lukas Puehringer
Functions that print git object information may require that the
gpg-interface functions be silent. Add GPG_VERIFY_QUIET flag and prevent
print_signature_buffer from being called if flag is set.
Signed-off-by: Lukas Puehringer
From: Santiago Torres <santi...@nyu.edu>
This is the third iteration of [1][2], and as a result of the discussion
in [3].
In this re-roll we:
* Fixed all the signed-off-by's
[0002]
* Renamed the function format_ref to pretty_print_ref instead, which
is a more descriptive name
From: Lukas P
Calling functions for gpg_verify_tag() may desire to print relevant
information about the header for further verification. Add an optional
format argument to print any desired information after GPG verification.
Signed-off-by: Lukas Puehringer
From: Lukas Puehringer
Adding --format to git tag -v mutes the default output of the GPG
verification and instead prints the formatted tag object.
This allows callers to cross-check the tagname from refs/tags with
the tagname from the tag object header upon GPG
From: Lukas Puehringer
ref-filter functions are useful for printing git object information
using a format specifier. However, some other modules may not want to use
this functionality on a ref-array but only print a single item.
Expose a format_ref function to create,
From: Santiago Torres <santi...@nyu.edu>
Callers of verify-tag may want to cross-check the tagname from refs/tags
with the tagname from the tag object header upon GPG verification. This
is to avoid tag refs that point to an incorrect object.
Add a --format parameter to git verify-tag to
From: Lukas P
Calling functions for gpg_verify_tag() may desire to print relevant
information about the header for further verification. Add an optional
format argument to print any desired information after GPG verification.
Signed-off-by: Lukas P
From: Lukas P
Functions that print git object information may require that the
gpg-interface functions be silent. Add GPG_VERIFY_QUIET flag and prevent
print_signature_buffer from being called if flag is set.
Signed-off-by: Lukas P
---
From: Lukas P
ref-filter functions are useful for printing git object information
using a format specifier. However, some other modules may not want to use
this functionality on a ref-array but only print a single item.
Expose a format_ref function to create, pretty
From: Lukas P
Adding --format to git tag -v mutes the default output of the GPG
verification and instead prints the formatted tag object.
This allows callers to cross-check the tagname from refs/tags with
the tagname from the tag object header upon GPG verification.
From: Santiago Torres <santi...@nyu.edu>
Callers of verify-tag may want to cross-check the tagname from refs/tags
with the tagname from the tag object header upon GPG verification. This
is to avoid tag refs that point to an incorrect object.
Add a --format parameter to git verify-tag to
From: Santiago Torres <santi...@nyu.edu>
This is the second iteration of [1], and as a result of the discussion
in [2].
In this re-roll we:
* Dropped the commit to move the format string parameter to a global
variable on builtin/tag. We had to change the signature of
for_each_name_fn
From: Santiago Torres <santi...@nyu.edu>
When running gpg-relevant tests, a gpg-daemon is ran for a
trash_directory-specific GNUPGHOME. This daemon creates a unix socket on
the target host, and it will be used on subsequent runs of the same test
script. Add a call to kill the agent and
From: Santiago Torres <santi...@nyu.edu>
When running gpg-relevant tests, a gpg-daemon is spawned for each
GNUPGHOME used. This daemon may stay running after the test and cache
file descriptors for the trash directories, even after the trash
directory is removed. This leads to ENOENT error
From: Santiago Torres <santi...@nyu.edu>
When running gpg-relevant tests, a gpg-daemon is spawned for each
GNUPGHOME used. This daemon may stay running after the test and cache
file descriptors for the trash directories, even after the trash
directory is removed. This leads to ENOENT error
Hello everyone,
I'm Santiago, a PhD student at NYU doing research about secure software
development pipelines. We've been studying different aspects of Git
lately, (as it is an integral part of many projects) and we believe
we've found a vulnerabilty in the way Git structures/signs metadata
ojects in which this
has happened (I've noticed that both Git and Linux are quite stringent
in their review/merge process so this wouldn't be the case).
>
> Cheers,
Thanks for the insight!
-Santiago.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
are the basic design of it here. However, it follows
our threat model: a compromised server that can't introduce malicious
code (thanks to commit signing), but can modify branch pointers and
other unsigned metadata to alter the repository's state.
>
> Thanks for researching on Git,
Thanks for
an alternative, that might be cleaner. I'm wondering if
this is easier to implement than having the --check-name flag.
Intuitively, it seems like that's the case. Would you suggest taking
this path instead?
Thanks!
-Santiago.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
ag (if the appropriate format
string is provided)
I still agree with the rest of Peff's comments about this approach. I'm
not sure about which approach to take either.
-Santiago.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
ame $tag)
> > make dest=/usr/local/$package/$tag install
>
> It is racy. That probably doesn't matter for most callers, but it would
> be nice to be able to get a custom format out of the "-v" invocation.
Oh yeah, I didn't consider this either. I also don't think it's
--check-name [name] [ref]
In case the ref doesn't match the tag. I can do it either way, although
the second case would be cumbersome.
>
> 2. What do we do for non-annotated tags? Is it always a failure?
Right now, verify-tag fails with non-annotated tags like this:
santiago at
heck-name=tagname] (tag-ref|tag-name|sha1)?
and
tag -v [--check-name] (tag-name)
Or would --format still work better?
Thanks!
-Santiago.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tue, Jan 26, 2016 at 01:13:16PM -0800, Junio C Hamano wrote:
> Jeff King <p...@peff.net> writes:
>
> > On Tue, Jan 26, 2016 at 10:29:42AM -0500, Santiago Torres wrote:
> >
> >> > If you cannot trust those with write access to a repo that you are
> >
se for a more
> > foolproof tool.
>
> OK, let's make a tool that helps fooling as well as proofing :)
>
> I'll look into the tag header check. Maybe "--check-tagname"? "check"
> seems to imply less than "verify".
This seems like exactly what I wa
rapper over run_gpg_verify(), and we could
> improve the efficiency quite a bit by eliminates the sub-process
> entirely.
I agree here too. while going through gdb to follow the logic on this I saw that
this code forks three times (git, tag-verify and gpg). I'm sure that
removing one layer should be good efficiencly-wise.
Is it ok if I give this a shot?
Thanks!
-Santiago.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
1 - 100 of 193 matches
Mail list logo