archive mirror
 help / color / mirror / Atom feed
From: Konstantin Ryabitsev <>
Cc: "brian m. carlson" <>,
	"Ævar Arnfjörð Bjarmason" <>,
Subject: Re: Is the sha256 object format experimental or not?
Date: Thu, 13 May 2021 16:49:57 -0400	[thread overview]
Message-ID: <20210513204957.5g76czb5bk3thlep@meerkat.local> (raw)
In-Reply-To: <20210513202919.GE11882@localhost>

On Thu, May 13, 2021 at 01:29:19PM -0700, wrote:
> 3. The key material used for identifying contributors needs to move into
>   the repos themselves for many reasons but the most important two
>   reasons are (1) the repo comes with all of the data necessary to
>   verify all of the digital signatures (i.e. solving the PKI problem
>   for a project) and (2) to track the provenance of the public keys and
>   other related data that each contributor uses. If Git repos contain
>   provenance logs that are controlled and maintained by each
>   contributor, those logs can also contain digital signatures over the
>   code of conduct and the developer certificate of origin and other
>   governing documents for a project that are legally binding (i.e.
>   follow eIDAS and other legal digital signature rules). Solving the
>   PKI problem alone makes digitally signing commits infinitely more
>   useful and will drive adoption. Solving the non-repudiable provenance
>   problem is the raison d'être of organizations like the Linux
>   Foundation. I think Git should align itself with where technology is
>   heading on that front.


Check out what we're doing as part of patatt and b4:

It takes your keyring-in-git idea and runs with it -- it would be good to have
your input while the project is still young and widely unknown. :)


  reply	other threads:[~2021-05-13 20:50 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-08  2:22 Preserving the ability to have both SHA1 and SHA256 signatures dwh
2021-05-08  6:39 ` Christian Couder
2021-05-08  6:56   ` Junio C Hamano
2021-05-08  8:03     ` Felipe Contreras
2021-05-08 10:11       ` Stefan Moch
2021-05-08 11:12         ` Junio C Hamano
2021-05-09  0:19 ` brian m. carlson
2021-05-10 12:22   ` Is the sha256 object format experimental or not? Ævar Arnfjörð Bjarmason
2021-05-10 22:42     ` brian m. carlson
2021-05-13 20:29       ` dwh
2021-05-13 20:49         ` Konstantin Ryabitsev [this message]
2021-05-13 23:47           ` dwh
2021-05-14 13:45             ` Konstantin Ryabitsev
2021-05-14 17:39               ` dwh
2021-05-13 21:03         ` Junio C Hamano
2021-05-13 23:26           ` dwh
2021-05-14  8:49           ` Ævar Arnfjörð Bjarmason
2021-05-14 18:10             ` dwh
2021-05-18  5:32         ` Jonathan Nieder

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210513204957.5g76czb5bk3thlep@meerkat.local \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).