On Thu, Aug 25, 2022 at 06:34:48AM +0000, Tim Rice wrote:
> Hey there,
> 
> Thanks for your work on pass. I both enjoy it personally, and it is also a 
> central part of our organization's workflow.
> 
> We noticed that as .gpg-id grows, the automated recrypt commit message gets 
> longer without bound.
> 
> An example line from git log (identities masked to protect my coworkers):
> 
> * 1ea2589 (2022-05-06) Timothy Rice Reencrypt password store using new GPG id 
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, 
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, 
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXX, 
> XXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXX, [email protected], 
> [email protected], [email protected], [email protected], 
> [email protected], [email protected], [email protected], 
> [email protected], [email protected].
> 
> In case you have automatic word wrapping in your email, note that this is all on 
> the very first line of the commit message. It is all one line when unwrapped, 
> as in git log and the like.
> 
> Since we have such a number of people using this password store, it is 
> routine to need to recrypt it as staff turn over. People come and people go, 
> but the commit message never gets shorter. We now have many commits with such 
> long lines.
> 
> I believe people can already use Git to assess which version of gpg-id was 
> active when the commit was made. Commands like `git diff`, `git blame` and 
> `git show` will allow people to view how gpg-id changes over time without it 
> needing to appear in every recrypt commit message.
> 
> I couldn't find any past mention of this in the mailing list archive. Sorry 
> if it was already discussed before and I overlooked it.
> 
> Please find attached a patch which changes the commit message to keep it 
> short and sweet.
> 
> An alternative solution would be to move the extra long parts of the commit 
> message onto a lower line, so that only people using --pretty=full or so 
> would see it.
> 
> Please let me know what you think :)
> 
> 
> Kind regards,
> 
> 
> Tim

> diff --git i/src/password-store.sh w/src/password-store.sh
> index 22e818f..b19ae38 100755
> --- i/src/password-store.sh
> +++ w/src/password-store.sh
> @@ -362,7 +362,7 @@ cmd_init() {
>       fi
>  
>       reencrypt_path "$PREFIX/$id_path"
> -     git_add_file "$PREFIX/$id_path" "Reencrypt password store using new GPG 
> id ${id_print%, }${id_path:+ ($id_path)}."
> +     git_add_file "$PREFIX/$id_path" "Reencrypt password store using latest 
> .gpg-id"
>  }

above we have a similar line:

        git_add_file "$gpg_id" "Set GPG id to ${id_print%, }${id_path:+ ($id_path)}."

I think it has the same problem?

Looks reasonable overall. The gpg-id information is in Git anyway.

>  
>  cmd_show() {
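
Review bot: the replacement `git_add_file` message in `cmd_init()` drops `${id_path:+ ($id_path)}` together with the key list, so a re-encrypt scoped to `$id_path` and a re-encrypt of the whole store now get the same commit subject. Keeping the suffix, as in "Reencrypt password store using latest .gpg-id${id_path:+ ($id_path)}.", keeps the subject bounded in length while still recording which part of the store was re-encrypted. It also restores the trailing period that the removed line had.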

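The original message's point that git already records which `.gpg-id` was active at each commit can be checked directly. The script below is an added example, not part of the thread or of pass. The key ids, dates and helper names (`gpg_id_at`, `gpg_id_history`, `recipients_removed`, `make_demo_store`) are constructed for illustration, and it assumes the store's git root is the store directory.

```sh
#!/bin/sh
# Added example: read a password store's recipient history from git
# instead of from commit subjects.

# gpg_id_at STORE COMMIT [SUBFOLDER]: recipients listed in .gpg-id at COMMIT.
gpg_id_at() (
    git -C "$1" show "$2:${3:+$3/}.gpg-id"
)

# gpg_id_history STORE [SUBFOLDER]: "<hash> <date> <id,id,...>" for every
# commit that changed .gpg-id, oldest first.
gpg_id_history() (
    git -C "$1" log --reverse --date=short --format='%h %ad' \
        -- "${2:+$2/}.gpg-id" |
    while read -r hash day; do
        printf '%s %s %s\n' "$hash" "$day" \
            "$(gpg_id_at "$1" "$hash" "$2" | paste -sd, -)"
    done
)

# recipients_removed STORE OLD NEW: ids in .gpg-id at OLD that are gone at NEW.
recipients_removed() (
    new=$(gpg_id_at "$1" "$3")
    gpg_id_at "$1" "$2" | while read -r id; do
        printf '%s\n' "$new" | grep -qxF -- "$id" || printf '%s\n' "$id"
    done
)

# make_demo_store: constructed sample store (fake ids), three .gpg-id commits.
make_demo_store() (
    dir=$(mktemp -d) && cd "$dir" && git init -q . || exit 1
    n=0
    for ids in "ALICE0000000001" "ALICE0000000001 BOB00000000002" \
               "BOB00000000002 CAROL000000003"; do
        n=$((n + 1))
        d="2022-0$n-01 12:00:00 +0000"
        printf '%s\n' $ids > .gpg-id   # unquoted on purpose: one id per line
        git add .gpg-id
        GIT_AUTHOR_DATE="$d" GIT_COMMITTER_DATE="$d" \
            git -c user.name=demo -c user.email=demo@example.invalid \
            commit -q -m "Reencrypt password store using latest .gpg-id"
    done
    printf '%s\n' "$dir"
)

store=$(make_demo_store)
gpg_id_history "$store"                    # recipients per .gpg-id change
recipients_removed "$store" HEAD~2 HEAD    # who lost access between commits
rm -rf "$store"
```

A recipient reported by `recipients_removed` could still decrypt the ciphertexts kept in earlier commits, so the entries they had access to are candidates for rotation.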