From: dwh@linuxprogrammer.org
To: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Cc: "brian m. carlson" <sandals@crustytoothpaste.net>,
"Ævar Arnfjörð Bjarmason" <avarab@gmail.com>,
git@vger.kernel.org
Subject: Re: Is the sha256 object format experimental or not?
Date: Fri, 14 May 2021 10:39:09 -0700 [thread overview]
Message-ID: <20210514173909.GA16542@localhost> (raw)
In-Reply-To: <20210514134501.3vzgqdfwwejafkq7@meerkat.local>
On 14.05.2021 09:45, Konstantin Ryabitsev wrote:
>As you know, this is my third attempt at getting patch attestation off the
>ground.
Yes, I've been following. It's been a long road.
>I'm hoping that this version resolves the downsides of the previous two
>attempts by both being dumb and simple and by only requiring a simple one-time
>setup (via the sendemail-validate hook) with no further changes to the usual
>git-send-email workflow after that.
I'm very interested in whether this one works. You and I are completely
aligned on this. I don't think I'm paying enough attention to the
emailed patch attestations as you have. I think I understand the
requirements but maybe not all of them. Do you have any threads on
public-inbox where you discuss them? I want to make sure that what I'm
doing doesn't undermine anything you're trying to do. The end goal is to
have an air-tight provenance on all contributions and
accountable/audtiable software supply chain. We're all working towards
that.
>I've not yet widely promoted this, as patatt is a very new project, but I'm
>hoping to start reaching out to people to trial it out in the next few weeks.
Hopefully this approach strikes the right balance.
Cheers!
Dave
next prev parent reply other threads:[~2021-05-14 17:39 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-08 2:22 Preserving the ability to have both SHA1 and SHA256 signatures dwh
2021-05-08 6:39 ` Christian Couder
2021-05-08 6:56 ` Junio C Hamano
2021-05-08 8:03 ` Felipe Contreras
2021-05-08 10:11 ` Stefan Moch
2021-05-08 11:12 ` Junio C Hamano
2021-05-09 0:19 ` brian m. carlson
2021-05-10 12:22 ` Is the sha256 object format experimental or not? Ævar Arnfjörð Bjarmason
2021-05-10 22:42 ` brian m. carlson
2021-05-13 20:29 ` dwh
2021-05-13 20:49 ` Konstantin Ryabitsev
2021-05-13 23:47 ` dwh
2021-05-14 13:45 ` Konstantin Ryabitsev
2021-05-14 17:39 ` dwh [this message]
2021-05-13 21:03 ` Junio C Hamano
2021-05-13 23:26 ` dwh
2021-05-14 8:49 ` Ævar Arnfjörð Bjarmason
2021-05-14 18:10 ` dwh
2021-05-18 5:32 ` Jonathan Nieder
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210514173909.GA16542@localhost \
--to=dwh@linuxprogrammer.org \
--cc=avarab@gmail.com \
--cc=git@vger.kernel.org \
--cc=konstantin@linuxfoundation.org \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).