[Cryptech Core] git, again
Rob Austein
sra at hactrn.net
Sun Jan 12 23:31:59 UTC 2014

We're getting to the point where people want version control.

I'm taking it as read from the discussion in Stockholm that we'll be
using git. If anybody really wants to revisit that discussion, say
so, but otherwise I consider it a closed issue, git won.

At this point I know how to set up git repositories to which people
will be pushing via HTTPS, but I gather that this is not what cool
kids do in the git world.

So we're probably talking about ssh, as git users would expect. OK.

Lightweight solutions appear to be gitosis and gitolite. I would have
preferred gitosis, as very simple, but the hive mind seems to have
declared gitosis to be orphanware. So, gitolite. OK.

It turns out that Gerrit (the code review system Peter mentioned) has
similar abilities. Gerrit is not a lightweight solution to anything,
it's a huge Java package with its own internal http and ssh servers.
We may want to use it in the long run anyway, but it's a bit big and
scary to rush into production use.

So I'm currently leaning towards gitolite, probably with Trac, gitweb,
or both as web browsing solutions. Plain HTTP(S) is probably
sufficient for read-only repository access at the moment, we can think
about running git daemon when there's enough traffic to justify it.

The one big unknown in all this is signed commits. Peter was
proposing a policy in which all commits would be gpg-signed. There's
a long document discussing this at:

http://mikegerwitz.com/papers/git-horror-story.html

The basic mechanism seems straightforward enough, although I'm not yet
sure about all the details of enforcing such a policy (manual
enforcement? attempt to automate via commit hooks? how does this
integrate with code review tools? ...). We don't necessarily have to
do this from day one (may have already missed the boat on that, as I
gather that Joachim has been busy...), but for it to make sense we
probably do have to pick a flag day and decree that all commits from
that day forward (or, rather, children of that commit) must be signed.

Proposal, just to have something concrete here:

- Start out with gitolite, maybe add gerrit later.

- Sign all commits from day one in these repositories; suggestions
  welcome on how to handle existing unsigned commits, if any.

- Don't attempt to automate enforcement of the signed commit policy,
  but perhaps some kind of cron job that periodically checks for
  unsigned commits would be useful.

Comments? Serious disagreement on anything? Suggestions?
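
The periodic check for unsigned commits proposed in the message above, sketched as an added example that is not part of the original post or of the project's own tooling. The script and function names are hypothetical, and it assumes the account running it has gpg installed with the committers' public keys in its keyring.

```shell
#!/bin/sh
# Added example: report commits after a flag-day commit that lack a good
# GPG signature. Usage (e.g. from cron):
#   check-signed.sh <repo> <flag-day-commit> [branch]

# Read "<hash> <%G? code> <author email>" lines on stdin and print every
# commit whose code is not G. Codes include: G good, B bad, U good but
# untrusted key, N no signature, E signature could not be checked.
classify_signatures() {
    flagged=0
    while read -r hash status author; do
        [ -n "$hash" ] || continue          # skip blank lines
        case "$status" in
            G) ;;                           # good signature, nothing to report
            *) echo "$hash $status $author"
               flagged=$((flagged + 1)) ;;
        esac
    done
    [ "$flagged" -eq 0 ]                    # non-zero status if anything was reported
}

# A..B selects commits reachable from the branch but not from the flag-day
# commit, so unsigned work merged in from a side branch is reported too.
check_repo() {
    log=$(git -C "$1" log --format='%H %G? %ae' "$2..${3:-HEAD}") || return 2
    printf '%s\n' "$log" | classify_signatures
}

if [ "$#" -ge 2 ]; then
    check_repo "$@" || exit $?
else
    # Constructed sample input (not real commits) showing the report format.
    classify_signatures <<'EOF' || true
1111111 G alice@example.org
2222222 N bob@example.org
3333333 B carol@example.org
EOF
fi
```

Run from cron, the non-zero exit status and the printed lines are enough for the usual cron mail to act as the report; exit status 2 means git itself failed rather than that unsigned commits were found.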