Ludovic Courtès writes:

> Hello,
>
> Just a note for later…
>
> ludo@gnu.org (Ludovic Courtès) skribis:
>
>> With the quick-hack libgit2 bindings attached, I can run this program,
>> which authenticates HEAD:
>
> [...]
>
>> So I think we can go from here. Our repo would contain a Scheme list of
>> authorized OpenPGP fingerprints, and we’d check whether the fingerprint
>> that shows up in ‘valid-signature’ above is among them
>
> Storing the list of authorized keys in a file in the repo is
> inconvenient: simply to retrieve it, you’d need to make a checkout. So
> for each commit we verify, we have to check out the whole repo, which is
> inefficient.
>
> While reading
> , I
> realized we could store them in empty Git commit messages, which would
> address the above problem (we could use a custom object type too, but
> that would be less convenient.)
>
> So the special commit could look like:
>
>   Authorization
>
>   (commit-authorizations
>     (authorization-commit (KEY1 KEY2 …))
>     (files ("hydra.gnu.org.pub") (KEY1 KEY2 …))
>     (files _ (KEY1 KEY2 …)))   ;all other files
>
> That way, to authenticate a commit, we first fetch the latest
> authorization commit, read the authorization rules from there, and make
> sure that the changes it makes match the rules.
>
> Thoughts?

Does this *have* to be baked into git? Or are we like the carpenter
apprentice who just learned how to use a hammer and considers everything
to be a kind of nail…?

I see the appeal of having everything in git as that’s where the commits
are that should be authenticated, but using special commit messages seems
to me like shoehorning update authorization into a code revision tool.

You mentioned that checking signatures on commits is also kinda slow
because it’s sequential and not cached. I don’t know what I really want,
but is there perhaps a way to aggregate signatures on past commits so
that the client’s work is reduced…?

(I’m very glad you’re thinking about this problem and that you’ve come up
with practical steps forward! I don’t know if my thoughts on this topic
are useful.)

-- 
Ricardo
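To make the rule semantics of the quoted (commit-authorizations ...) sketch concrete, here is an added toy model written for this thread; it is not Guix code and not from either poster. It assumes signature verification has already run (the ‘valid-signature’ step) and handed back the signer’s fingerprint, so the placeholders KEY1..KEY3 stand in for real OpenPGP fingerprints. It parses the exact S-expression shape from the message, applies the first matching (files ...) clause per changed path with `_` as the catch-all, requires a rules-changing commit to be signed by a key in (authorization-commit ...), and walks history oldest to newest, replacing the rules whenever an authorization commit is accepted. The sequential walk is the very property Ricardo flags as slow; the model keeps it so the trust chain between successive authorization commits is visible.

```python
"""Toy model of per-path commit authorization rules (constructed example,
not Guix code).  Signature checking is assumed done elsewhere; a Commit
carries the signer fingerprint that check produced, or None if it failed."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rules:
    authorization_commit: frozenset   # keys that may sign a new rules commit
    files: tuple                      # ((paths or None for "_", keyset), ...) in order


@dataclass(frozen=True)
class Commit:
    signer: Optional[str]             # fingerprint from a valid signature, None if unsigned
    changed: tuple                    # paths touched by the commit (empty for a rules commit)
    new_rules: Optional[Rules] = None # set when this is an "Authorization" commit


def tokenize(text):
    """Minimal S-expression tokenizer: drops ';' comments, splits on parens."""
    lines = [line.split(";", 1)[0] for line in text.splitlines()]
    return " ".join(lines).replace("(", " ( ").replace(")", " ) ").split()


def read(tokens):
    """Read one datum: a nested list for parens, else a symbol/string token."""
    tok = tokens.pop(0)
    if tok != "(":
        return tok.strip('"')
    lst = []
    while tokens[0] != ")":
        lst.append(read(tokens))
    tokens.pop(0)
    return lst


def parse_rules(text):
    """Turn a (commit-authorizations ...) form into a Rules value."""
    form = read(tokenize(text))
    if form[0] != "commit-authorizations":
        raise ValueError("not a commit-authorizations form")
    auth, files = frozenset(), []
    for clause in form[1:]:
        if clause[0] == "authorization-commit":
            auth = frozenset(clause[1])
        elif clause[0] == "files":
            paths = None if clause[1] == "_" else tuple(clause[1])
            files.append((paths, frozenset(clause[2])))
    return Rules(auth, tuple(files))


def keys_for_path(rules, path):
    """First matching (files ...) clause wins; '_' is the catch-all."""
    for paths, keys in rules.files:
        if paths is None or path in paths:
            return keys
    return frozenset()   # no clause covers it: nobody may touch it


def check_commit(rules, commit):
    """Return (ok, reason) for one commit under the current rules."""
    if commit.signer is None:
        return False, "no valid signature"
    if commit.new_rules is not None:
        if commit.signer not in rules.authorization_commit:
            return False, f"rules change signed by unauthorized key {commit.signer}"
        return True, "ok"
    for path in commit.changed:
        if commit.signer not in keys_for_path(rules, path):
            return False, f"{commit.signer} may not modify {path}"
    return True, "ok"


def verify_history(rules, commits):
    """Walk commits oldest to newest; an accepted rules commit replaces the rules.
    Returns (ok, reason, number_of_commits_accepted)."""
    accepted = 0
    for commit in commits:
        ok, why = check_commit(rules, commit)
        if not ok:
            return False, why, accepted
        if commit.new_rules is not None:
            rules = commit.new_rules
        accepted += 1
    return True, "ok", accepted


# Constructed rules in the shape of the quoted message; KEY3 is an added
# placeholder key allowed everywhere except the hydra key file.
INITIAL_RULES = parse_rules("""
(commit-authorizations
  (authorization-commit (KEY1 KEY2))
  (files ("hydra.gnu.org.pub") (KEY1 KEY2))
  (files _ (KEY1 KEY2 KEY3)))                ;all other files
""")

# Constructed sample histories.
GOOD = [Commit("KEY3", ("gnu/packages/hello.scm",)),
        Commit("KEY1", ("hydra.gnu.org.pub", "README"))]
BAD_PATH = [Commit("KEY3", ("hydra.gnu.org.pub",))]
BAD_RULES_SIGNER = [Commit("KEY3", (), new_rules=INITIAL_RULES)]
# KEY1 legitimately narrows the rules in an empty commit; KEY3's next commit is refused.
REVOKED = [Commit("KEY1", (), new_rules=parse_rules(
               "(commit-authorizations (authorization-commit (KEY1)) (files _ (KEY1)))")),
           Commit("KEY3", ("gnu/packages/hello.scm",))]

if __name__ == "__main__":
    for name, history in [("GOOD", GOOD), ("BAD_PATH", BAD_PATH),
                          ("BAD_RULES_SIGNER", BAD_RULES_SIGNER), ("REVOKED", REVOKED)]:
        print(name, verify_history(INITIAL_RULES, history))
```

Running it prints one (ok, reason, accepted-count) triple per history; only GOOD passes, and REVOKED accepts the rules change but stops at the commit that follows it.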