📅 Original date posted:2014-08-23 📝 Original message:On Sat, Aug 23, 2014 at ...

Pieter Wuille [ARCHIVE] /

npub1tje…tl6r

2023-06-07 15:25:31

in reply to nevent1q…89s9

📅 Original date posted:2014-08-23
📝 Original message:On Sat, Aug 23, 2014 at 8:17 AM, Troy Benjegerdes <hozer at hozed.org> wrote:
> On Fri, Aug 22, 2014 at 09:20:11PM +0200, xor wrote:
>> On Tuesday, August 19, 2014 08:02:37 AM Jeff Garzik wrote:
>> > It would be nice if the issues and git repo for Bitcoin Core were not
>> > on such a centralized service as github, nice and convenient as it is.
>>
>> Assuming there is a problem with that usually is caused by using Git the wrong
>> way or not knowing its capabilities. Nobody can modify / insert a commit
>> before a GnuPG signed commit / tag without breaking the signature.
>> More detail at the bottom at [1], I am sparing you this here because I suspect
>> you already know it and there is something more important I want to stress:

Note that we're generally aiming (though not yet enforcing) to have
merges done through the github-merge tool, which performs the merge
locally, shows the resulting diff, compares it with the merge done by
github, and GnuPG signs it.

That allows using github as easy-access mechanism for people to
contribute and inspect, while having a higher security standard for
the actual changes done to master.

--
Pieter

Author Public Key

npub1tjephawh7fdf6358jufuh5eyxwauzrjqa7qn50pglee4tayc2ntqcjtl6r

Show more details

Published at

2023-06-07 15:25:31

Kind type

1 Short Text Note

Event JSON

{ "id": "c7f5e3bb733a813e5cb7ae1885c8ff469a6f76d476215307514eca837b64576f", "pubkey": "5cb21bf5d7f25a9d46879713cbd32433bbc10e40ef813a3c28fe7355f49854d6", "created_at": 1686151531, "kind": 1, "tags": [ [ "e", "c005f45b1cb77392a2804d02a4c758eb9ca30d9af3fd9e762780478d5aeddb7a", "", "root" ], [ "e", "62b4062e3e30c579039cecbc6816094cacecefa1e35f426b29dba428b4a18faa", "", "reply" ], [ "p", "de834b230daa8e6d04c44e51929c52dfdc36dc2f4105a0b67060d9dfc30d6ccc" ] ], "content": "📅 Original date posted:2014-08-23\n📝 Original message:On Sat, Aug 23, 2014 at 8:17 AM, Troy Benjegerdes \u003chozer at hozed.org\u003e wrote:\n\u003e On Fri, Aug 22, 2014 at 09:20:11PM +0200, xor wrote:\n\u003e\u003e On Tuesday, August 19, 2014 08:02:37 AM Jeff Garzik wrote:\n\u003e\u003e \u003e It would be nice if the issues and git repo for Bitcoin Core were not\n\u003e\u003e \u003e on such a centralized service as github, nice and convenient as it is.\n\u003e\u003e\n\u003e\u003e Assuming there is a problem with that usually is caused by using Git the wrong\n\u003e\u003e way or not knowing its capabilities. Nobody can modify / insert a commit\n\u003e\u003e before a GnuPG signed commit / tag without breaking the signature.\n\u003e\u003e More detail at the bottom at [1], I am sparing you this here because I suspect\n\u003e\u003e you already know it and there is something more important I want to stress:\n\nNote that we're generally aiming (though not yet enforcing) to have\nmerges done through the github-merge tool, which performs the merge\nlocally, shows the resulting diff, compares it with the merge done by\ngithub, and GnuPG signs it.\n\nThat allows using github as easy-access mechanism for people to\ncontribute and inspect, while having a higher security standard for\nthe actual changes done to master.\n\n-- \nPieter", "sig": "9ae03b9c03e82fd905c29f3b1a001baf738478579afe4ddf0e7a1f4905875092d7b5bd211aa2ed8645f0a61a3e6e6a2845a9873ae9ea76b71ea781b1be1db022" }