From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1VthzK-0008EZ-3W for bitcoin-development@lists.sourceforge.net; Thu, 19 Dec 2013 18:06:22 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of zikula.org designates 74.125.82.44 as permitted sender) client-ip=74.125.82.44; envelope-from=drak@zikula.org; helo=mail-wg0-f44.google.com; Received: from mail-wg0-f44.google.com ([74.125.82.44]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1VthzG-0004n4-Et for bitcoin-development@lists.sourceforge.net; Thu, 19 Dec 2013 18:06:22 +0000 Received: by mail-wg0-f44.google.com with SMTP id a1so1451326wgh.35 for ; Thu, 19 Dec 2013 10:06:12 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=fSj1c0U8z7m0oL5ZEZ0nhj8tpVW5GWX2RpX1nb7pZSQ=; b=kHdLPQrP0hASyYBC1vH78YlZP70GZvXgRDnCwtPhytSaFN50W/WIZCbnBKlnl8oKR/ kFJ79KHXBf+OJCBaDOLJ2Ar1mds4dKtFFghC8ZWhw4fPPYcAsqChywwevpdkJXSJ91x8 SBRyiBPLDwDZHQXkc1QM9+/oHBqaSnXYzWH68QSzjakf8Qbw1MxKE1uhFyWi2L1kznHh QEpV5oAWrimfsyhoKhXCYg0sRT7hy07aFDzfYctKABfYPSL10QuYQe67CXQYc5R0UEVG WALzaBwR4Ra8VrhjhWaQn1f5UFxQoJ2+XvBoeHzRitPSBT76OL7xyQLWmhU25Vu9oeCi 6taw== X-Gm-Message-State: ALoCoQm0nOmwb962LvMeLad0Lbo4uM9Tmt8iC6apVgB4k/+vfMO623k5AgYghMpJwa7w3pETg6IY X-Received: by 10.194.80.137 with SMTP id r9mr176500wjx.88.1387476372081; Thu, 19 Dec 2013 10:06:12 -0800 (PST) MIME-Version: 1.0 Received: by 10.194.93.105 with HTTP; Thu, 19 Dec 2013 10:05:51 -0800 (PST) In-Reply-To: <20131219174406.GA12740@petertodd.org> References: <20131219131706.GA21179@savin> <538d3c4677a4332ae8341e37d1a77d5e.squirrel@fruiteater.riseup.net> <20131219174406.GA12740@petertodd.org> From: Drak Date: Thu, 19 Dec 2013 18:05:51 +0000 Message-ID: To: System undo crew Content-Type: multipart/alternative; boundary=047d7bdc8e864ae68504ede704bb X-Spam-Score: 0.8 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: nabble.com] -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record 1.3 URI_HEX URI: URI hostname has long hexadecimal sequence 1.0 HTML_MESSAGE BODY: HTML included in message X-Headers-End: 1VthzG-0004n4-Et Cc: Bitcoin Dev , Amir Taaki Subject: Re: [Bitcoin-development] [unSYSTEM] DarkWallet Best Practices X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Dec 2013 18:06:22 -0000 --047d7bdc8e864ae68504ede704bb Content-Type: text/plain; charset=UTF-8 How does signing the commit message itself help at all since it just signs the commit message, not the content of the commit. You could commit some code then I. Then I squash my commits into yours and use your commit message. You could also include the previous commit hash in your commit message. But correct me if I am wrong, but that would be difficult (if not impossible) to verify once you get into merging code since the patch can be merged in at another point in history entirely.. and still doesn't work because I can still squash commits into yours. I don't see how it can work at all unless I am missing something obvious (which I fear I may be?). I also don't believe Linus is talking just from the perspective of how the kernel project works. The integrity of a git repository is maintained by the hash chaining and by the distributed nature of the repository. If someone hacked github and changed the history of the tree, the next time you tried to push his code up it would fail because the history had changed - tampering is immediately obvious in git. Regards, Drak On 19 December 2013 17:44, Peter Todd wrote: > On Thu, Dec 19, 2013 at 04:04:17PM -0000, Amir Taaki wrote: > > Looks like for this to actually go to the email lists they need to be in > the To: field. > > > About signing each commit, Linus advises against it: > > > > > http://git.661346.n2.nabble.com/GPG-signing-for-git-commit-td2582986.html > > > > "Btw, there's a final reason, and probably the really real one. Signing > > each commit is totally stupid. It just means that you automate it, and > you > > make the signature worth less. It also doesn't add any real value, since > > the way the git DAG-chain of SHA1's work, you only ever need _one_ > > signature to make all the commits reachable from that one be effectively > > covered by that one. So signing each commit is simply missing the point." > > > > What do you reckon? > > His point is valid, but it's valid in the context of how Linux > development is done, not Bitcoin. The key difference being that Linus > and other kernel developers have a model where code is passed around on > mailing lists and between developers rather than stored on untrustworthy > third-parties like github. > > For instance typically someone will submit a patch to the kernel > development mailing list, example: > http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg558841.html > That patch isn't signed, and the email itself doesn't have to be PGP > signed either. However a trusted maintainer of the relevant subsystem > will (in theory) look over the patch carefully and commit it to their > personal tree on a secure computer. (in theory) > > At some point the maintainer will create a *signed* tag on a commit with > one or more patches, often many patches, another another maintainer > higher in the hierarchy (maybe even Linus) will *merge* that tag into > their tree, hopefully checking the signature first! Modern versions of > git actually include the tag signature in the merge commit, so the > result is signed by the original maintainer; note how this contradicts > Linus's email with regard to the idea of separable signatures. > Eventually multiple such groups of patches build up and the result is > tagged as a release, and that release tag is signed. > > Accountability in this model rests with maintainers, and source-code > stays on a multitude of personal, secure, locations. (in theory) > > > However since we like to use github and tend to get code directly from > it our main risk is github (or similar) being compromised. Given that I > think we're much better off using per-commit signatures, and in effect > continually making the statement "Yes, this commit/merge was really > produced by me on my machine, although I may have made a mistake and > might not have looked at the code as thoroughly as I maybe should have." > The statement *is* weaker than Linus's model of "This signature is > Really Official and Stuff and I've carefully checked everything." but I > think we're much more interested in getting a strong guarantee on who > made the commit than some strong statement about its actual contents - > humans are fallible anyway. > > > Also do you approve of the other link I sent you? > > > > https://wiki.unsystem.net/index.php/DarkWallet/Negotiation > > I think you're conflating identities with the messaging layer; focus on > the latter and use off-the-shelf identity systems like OpenPGP and SSL > certificate authorities. Remember that every new identity system that > gets involved is another way for an attacker to MITM attack you; you're > better off using whatever the user is using already. > > -- > 'peter'[:-1]@petertodd.org > 00000000000000016a442255c6d15cd6e085991c1efffc9caeff5fc6da14368a > > _______________________________________________ > unSYSTEM mailing list: http://unsystem.net > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/unsystem > > --047d7bdc8e864ae68504ede704bb Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
How does signing the commit message itself help at all sin= ce it just signs the commit message, not the content of the commit. You cou= ld commit some code then I. Then I squash my commits into yours and use you= r commit message. You could also include the previous commit hash in your c= ommit message.

But correct me if I am wrong, but that would be difficult (if not = impossible) to verify once you get into merging code since the patch can be= merged in at another point in history entirely.. and still doesn't wor= k because I can still squash commits into yours. I don't see how it can= work at all unless I am missing something obvious (which I fear I may be?)= .

I also don't believe Linus is talking just from the= perspective of how the kernel project works. The integrity of a git reposi= tory is maintained by the hash chaining and by the distributed nature of th= e repository. If someone hacked github and changed the history of the tree,= the next time you tried to push his code up it would fail because the hist= ory had changed - tampering is immediately obvious in git.

Regards,

Drak


On 19 Decemb= er 2013 17:44, Peter Todd <pete@petertodd.org> wrote:
On Thu, Dec 19, 2013 at 04:04:17PM -0000, Am= ir Taaki wrote:

Looks like for this to actually go to the email lists they need to be in the To: field.

> About signing each commit, Linus advises against it:
>
> http://git.661346.n2.nabble.com/GPG-signi= ng-for-git-commit-td2582986.html
>
> "Btw, there's a final reason, and probably the really real on= e. Signing
> each commit is totally stupid. It just means that you automate it, and= you
> make the signature worth less. It also doesn't add any real value,= since
> the way the git DAG-chain of SHA1's work, you only ever need _one_=
> signature to make all the commits reachable from that one be effective= ly
> covered by that one. So signing each commit is simply missing the poin= t."
>
> What do you reckon?

His point is valid, but it's valid in the context of how Linux development is done, not Bitcoin. The key difference being that Linus
and other kernel developers have a model where code is passed around on
mailing lists and between developers rather than stored on untrustworthy third-parties like github.

For instance typically someone will submit a patch to the kernel
development mailing list, example:
http://www.mail-archive.com/linux-kernel@vger.ke= rnel.org/msg558841.html
That patch isn't signed, and the email itself doesn't have to be PG= P
signed either. However a trusted maintainer of the relevant subsystem
will (in theory) look over the patch carefully and commit it to their
personal tree on a secure computer. (in theory)

At some point the maintainer will create a *signed* tag on a commit with one or more patches, often many patches, another another maintainer
higher in the hierarchy (maybe even Linus) will *merge* that tag into
their tree, hopefully checking the signature first! Modern versions of
git actually include the tag signature in the merge commit, so the
result is signed by the original maintainer; note how this contradicts
Linus's email with regard to the idea of separable signatures.
Eventually multiple such groups of patches build up and the result is
tagged as a release, and that release tag is signed.

Accountability in this model rests with maintainers, and source-code
stays on a multitude of personal, secure, locations. (in theory)


However since we like to use github and tend to get code directly from
it our main risk is github (or similar) being compromised. Given that I
think we're much better off using per-commit signatures, and in effect<= br> continually making the statement "Yes, this commit/merge was really produced by me on my machine, although I may have made a mistake and
might not have looked at the code as thoroughly as I maybe should have.&quo= t;
The statement *is* weaker than Linus's model of "This signature is=
Really Official and Stuff and I've carefully checked everything." = but I
think we're much more interested in getting a strong guarantee on who made the commit than some strong statement about its actual contents -
humans are fallible anyway.

> Also do you approve of the other link I sent you?
>
> https://wiki.unsystem.net/index.php/DarkWallet/Negotiati= on

I think you're conflating identities with the messaging layer; fo= cus on
the latter and use off-the-shelf identity systems like OpenPGP and SSL
certificate authorities. Remember that every new identity system that
gets involved is another way for an attacker to MITM attack you; you're=
better off using whatever the user is using already.

--
'peter'[:-1]@pet= ertodd.org
00000000000000016a442255c6d15cd6e085991c1efffc9caeff5fc6da14368a

_______________________________________________
unSYSTEM mailing list: ht= tp://unsystem.net
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/u= nsystem


--047d7bdc8e864ae68504ede704bb--