Pieter Wuille [ARCHIVE] on Nostr: 📅 Original date posted:2014-08-23 📝 Original message:On Sat, Aug 23, 2014 at ...
📅 Original date posted:2014-08-23
📝 Original message:On Sat, Aug 23, 2014 at 8:17 AM, Troy Benjegerdes <hozer at hozed.org> wrote:
> On Fri, Aug 22, 2014 at 09:20:11PM +0200, xor wrote:
>> On Tuesday, August 19, 2014 08:02:37 AM Jeff Garzik wrote:
>> > It would be nice if the issues and git repo for Bitcoin Core were not
>> > on such a centralized service as github, nice and convenient as it is.
>>
>> Assuming there is a problem with that usually is caused by using Git the wrong
>> way or not knowing its capabilities. Nobody can modify / insert a commit
>> before a GnuPG signed commit / tag without breaking the signature.
>> More detail at the bottom at [1], I am sparing you this here because I suspect
>> you already know it and there is something more important I want to stress:
Note that we're generally aiming (though not yet enforcing) to have
merges done through the github-merge tool, which performs the merge
locally, shows the resulting diff, compares it with the merge done by
github, and GnuPG signs it.
That allows using github as easy-access mechanism for people to
contribute and inspect, while having a higher security standard for
the actual changes done to master.
--
Pieter
Published at
2023-06-07 15:25:31Event JSON
{
"id": "c7f5e3bb733a813e5cb7ae1885c8ff469a6f76d476215307514eca837b64576f",
"pubkey": "5cb21bf5d7f25a9d46879713cbd32433bbc10e40ef813a3c28fe7355f49854d6",
"created_at": 1686151531,
"kind": 1,
"tags": [
[
"e",
"c005f45b1cb77392a2804d02a4c758eb9ca30d9af3fd9e762780478d5aeddb7a",
"",
"root"
],
[
"e",
"62b4062e3e30c579039cecbc6816094cacecefa1e35f426b29dba428b4a18faa",
"",
"reply"
],
[
"p",
"de834b230daa8e6d04c44e51929c52dfdc36dc2f4105a0b67060d9dfc30d6ccc"
]
],
"content": "📅 Original date posted:2014-08-23\n📝 Original message:On Sat, Aug 23, 2014 at 8:17 AM, Troy Benjegerdes \u003chozer at hozed.org\u003e wrote:\n\u003e On Fri, Aug 22, 2014 at 09:20:11PM +0200, xor wrote:\n\u003e\u003e On Tuesday, August 19, 2014 08:02:37 AM Jeff Garzik wrote:\n\u003e\u003e \u003e It would be nice if the issues and git repo for Bitcoin Core were not\n\u003e\u003e \u003e on such a centralized service as github, nice and convenient as it is.\n\u003e\u003e\n\u003e\u003e Assuming there is a problem with that usually is caused by using Git the wrong\n\u003e\u003e way or not knowing its capabilities. Nobody can modify / insert a commit\n\u003e\u003e before a GnuPG signed commit / tag without breaking the signature.\n\u003e\u003e More detail at the bottom at [1], I am sparing you this here because I suspect\n\u003e\u003e you already know it and there is something more important I want to stress:\n\nNote that we're generally aiming (though not yet enforcing) to have\nmerges done through the github-merge tool, which performs the merge\nlocally, shows the resulting diff, compares it with the merge done by\ngithub, and GnuPG signs it.\n\nThat allows using github as easy-access mechanism for people to\ncontribute and inspect, while having a higher security standard for\nthe actual changes done to master.\n\n-- \nPieter",
"sig": "9ae03b9c03e82fd905c29f3b1a001baf738478579afe4ddf0e7a1f4905875092d7b5bd211aa2ed8645f0a61a3e6e6a2845a9873ae9ea76b71ea781b1be1db022"
}