Created: 13 years, 8 months ago by Colin Campbell
Modified: 13 years, 8 months ago
CC: lilypond-devel_gnu.org
Visibility: Public.

Description
DOC: Revise CG 3.4 Commit Access

Patch Set 1
Total comments: 3

Messages
Total messages: 15

LGTM, one suggestion.

http://codereview.appspot.com/4898058/diff/1/Documentation/contributor/source...
File Documentation/contributor/source-code.itexi (right):

http://codereview.appspot.com/4898058/diff/1/Documentation/contributor/source...
Documentation/contributor/source-code.itexi:1574: making commits.
An alternate method would be to put the same RSA private+public key on every machine. Since this is aimed at serious developers, let's include both methods. If it confuses somebody, they can always ask.

LGTM too. My suggestion would be to add some instructions about actually pushing. It took me a while to convince myself that all that appears to be needed is to have an unpushed commit and type "git push".
On 2011/08/18 11:21:22, PhilEHolmes wrote:
> LGTM too. My suggestion would be to add some instructions about actually
> pushing. It took me a while to convince myself that all that appears to be
> needed is to have an unpushed commit and type "git push".

Yes, it's really that simple ;-)
We should add the advice, though, to do a "git pull -r" immediately before (to get the latest changes from the server), because otherwise the "git push" might fail if someone else has pushed something to master meanwhile.

http://codereview.appspot.com/4898058/diff/1/Documentation/contributor/source...
File Documentation/contributor/source-code.itexi (right):

http://codereview.appspot.com/4898058/diff/1/Documentation/contributor/source...
Documentation/contributor/source-code.itexi:1425: Generate an SSH @q{rsa} key pair. Enter the following at the
Why did you change all dsa to rsa? RSA is the older encryption technology, which is known not to be as secure as DSA...

http://codereview.appspot.com/4898058/diff/1/Documentation/contributor/source...
Documentation/contributor/source-code.itexi:1574: making commits.
On 2011/08/18 02:45:05, Graham Percival wrote:
> An alternate method would be to put the same RSA private+public key on every
> machine.

Yes, that's actually what I'm using, too. You might mention this as something like "... or simply copy the .ssh/id_dsa and .ssh/id_dsa.pub files to each machine".

On 2011/08/18 11:42:13, Reinhold wrote:
> Documentation/contributor/source-code.itexi:1425: Generate an SSH @q{rsa} key
> pair. Enter the following at the
> Why did you change all dsa to rsa? RSA is the older encryption technology, which
> is known not to be as secure as DSA...

Really?! This whole topic began because somebody said that savannah requested that people use dsa because it was more secure.

Could somebody check the savannah docs, maybe look at some pages about encryption to find a more definitive reference (not that I don't trust Reinhold :), and then maybe discuss it with the savannah admins?

I figured that if they recommended dsa, we should tell people to use that to be polite since we're using their service... but if they're giving out bad advice, then we should get in touch with them.

On Friday 19 August 2011, 02:29:22, percival.music.ca@gmail.com wrote:
> On 2011/08/18 11:42:13, Reinhold wrote:
> > Why did you change all dsa to rsa?
>
> Really?! this whole topic began because somebody said that savannah
> requested that people use dsa because it was more secure.

It's not only savannah, it's basically everyone who knows a little bit about security...

> I figured that if they recommended dsa, we should tell people to use
> that to be polite since we're using their service... but if they're
> giving out bad advice, then we should get in touch with them.

No, they got it right and you got it right. It's just the patch that got it wrong (replacing all dsa by rsa and recommending that).

Cheers,
Reinhold
--
Reinhold Kainhofer, Vienna University of Technology, Austria
email: reinhold@kainhofer.com, http://reinhold.kainhofer.com/
 * Financial and Actuarial Mathematics, TU Wien, http://www.fam.tuwien.ac.at/
 * Edition Kainhofer Music Publishing, http://www.edition-kainhofer.com/
 * LilyPond music typesetting software, http://www.lilypond.org/

On Fri, Aug 19, 2011 at 03:21:03AM +0200, Reinhold Kainhofer wrote:
> On Friday 19 August 2011, 02:29:22, percival.music.ca@gmail.com wrote:
> > On 2011/08/18 11:42:13, Reinhold wrote:
> > > Why did you change all dsa to rsa?
>
> It's not only savannah, it's basically everyone who knows a little bit about
> security...

Wait, I'm confused again, so I looked it up.
http://savannah.gnu.org/maintenance/SshAccess
says "we recommend using only RSA keys, not DSA".

Does that page give incorrect advice?

I know just enough about security to know that I don't know about security. I've asked my brother for advice, but ultimately I would recommend starting a discussion with the savannah people if you think they are giving flawed encryption advice.

Cheers,
- Graham

On 2011/08/19 03:11:15, graham_percival-music.ca wrote:
> On Fri, Aug 19, 2011 at 03:21:03AM +0200, Reinhold Kainhofer wrote:
> > On Friday 19 August 2011, 02:29:22, percival.music.ca@gmail.com wrote:
> > > On 2011/08/18 11:42:13, Reinhold wrote:
> > > > Why did you change all dsa to rsa?
> >
> > It's not only savannah, it's basically everyone who knows a little bit about
> > security...
>
> Wait, I'm confused again, so I looked it up.
> http://savannah.gnu.org/maintenance/SshAccess
> says "we recommend using only RSA keys, not DSA".
>
> Does that page give incorrect advice?
>
> I know just enough about security to know that I don't know about
> security. I've asked my brother for advice, but ultimately I
> would recommend starting a discussion with the savannah people if
> you think they are giving flawed encryption advice.
>
> Cheers,
> - Graham

A bit of Googling seems to suggest that while DSA and RSA are generally equivalent in strength for the same key size, DSA is limited to 1024-bit max, while RSA allows up to 4096. Keys of 2048 bits are probably secure for the reasonable future, and are the RSA default. See, for example http://en.wikipedia.org/wiki/Rsa#Security_and_practical_considerations

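An added illustration of the key-type and key-size point in the message above (not code from this review or from LilyPond): a parser for bare OpenSSH public-key lines, as found in an id_*.pub file, that reports key type and modulus length. The 2048-bit floor and the rejection of DSA are assumptions taken from the figures and the Savannah recommendation quoted in this thread; the sample lines are constructed from fixed integers and are not usable keys.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumption: the 2048-bit figure quoted in the thread

def _field(blob, off):
    """Read one length-prefixed field: uint32 big-endian length, then bytes."""
    if off + 4 > len(blob):
        raise ValueError("truncated length")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    if off + 4 + n > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:off + 4 + n], off + 4 + n

def inspect_public_key(line):
    """Return (key_type, bits) for a '<type> <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, blob = fields[0], base64.b64decode(fields[1], validate=True)
    inner, off = _field(blob, 0)
    if inner != declared.encode():
        raise ValueError("type label disagrees with type inside the blob")
    if declared == "ssh-rsa":      # blob layout: type, e, n
        _e, off = _field(blob, off)
        number, off = _field(blob, off)
    elif declared == "ssh-dss":    # blob layout: type, p, q, g, y
        number, off = _field(blob, off)
    else:
        raise ValueError("key type not covered by this example: " + declared)
    return declared, int.from_bytes(number, "big").bit_length()

def audit(line):
    """Apply the assumed policy: RSA of at least MIN_RSA_BITS, no DSA."""
    key_type, bits = inspect_public_key(line)
    if key_type == "ssh-dss":
        return "reject: DSA key (%d bits)" % bits
    if bits < MIN_RSA_BITS:
        return "reject: RSA key too short (%d bits)" % bits
    return "ok: RSA %d bits" % bits

def _sample(key_type, *numbers):
    """Build a constructed, non-functional sample line from integers."""
    parts = [key_type.encode()]
    parts += [n.to_bytes(n.bit_length() // 8 + 1, "big") for n in numbers]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "%s %s constructed@example" % (key_type, base64.b64encode(blob).decode())

RSA_2048 = _sample("ssh-rsa", 65537, (1 << 2047) | 1)
RSA_1024 = _sample("ssh-rsa", 65537, (1 << 1023) | 1)
DSA_1024 = _sample("ssh-dss", (1 << 1023) | 1, (1 << 159) | 1, 2, 3)
```

Lines that carry authorized_keys options before the key type are outside what this example handles and are rejected with a ValueError.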
On Friday, 19 August 2011, 05:11:30, you wrote:
> On Fri, Aug 19, 2011 at 03:21:03AM +0200, Reinhold Kainhofer wrote:
> > On Friday 19 August 2011, 02:29:22, percival.music.ca@gmail.com wrote:
> > > On 2011/08/18 11:42:13, Reinhold wrote:
> > > > Why did you change all dsa to rsa?
> >
> > It's not only savannah, it's basically everyone who knows a little bit
> > about security...
>
> Wait, I'm confused again, so I looked it up.
> http://savannah.gnu.org/maintenance/SshAccess
> says "we recommend using only RSA keys, not DSA".
>
> Does that page give incorrect advice?

Ah, okay, it's because of the bad random number generator...

AFAIK, it's true that with DSA implementation there are many more things that one can mess up and lose security. That's their argument. On the other hand, longer rsa keys have been broken than dsa. Theory vs. practice...

Anyway, since Debian apparently shipped a bad random number generator (causing DSA keys to be weak there), some projects like Debian disabled access for dsa keys altogether. So, I retract my objections to rsa keys. Let's change the CG to recommend RSA keys, instead.

Cheers,
Reinhold
--
Reinhold Kainhofer, reinhold@kainhofer.com, http://reinhold.kainhofer.com/
 * Financial & Actuarial Math., Vienna Univ. of Technology, Austria
 * http://www.fam.tuwien.ac.at/, DVR: 0005886
 * LilyPond, Music typesetting, http://www.lilypond.org

On 2011/08/18 11:42:06, Reinhold wrote:
> On 2011/08/18 11:21:22, PhilEHolmes wrote:
> > LGTM too. My suggestion would be to add some instructions about actually
> > pushing. It took me a while to convince myself that all that appears to be
> > needed is to have an unpushed commit and type "git push".
>
> Yes, it's really that simple ;-)
> We should add the advice, though, to do a "git pull -r" immediately before (to
> get the latest changes from the server), because otherwise the "git push" might
> fail if someone else has pushed something to master meanwhile.

Yes, I'd very much like to see some information about this. For example I'm now wondering what will happen if I call 'git push' while being on a non-master branch. I've looked at git manual, but it's not immediately helpful; I'd have to read much more about git first to understand it.

Regarding the addition of instructions on how to push, I'd like to do that in a separate patch, unless an experienced developer cares to send me a rough sketch, point form perhaps, which I could then repackage in documentation format.
Yes, definitely do the pushing stuff in a separate patch. But here's an outline:
1. update with
   git pull -r
2. check you only have 1 patch ready with
   git status
3. upload your changes with
   git push

2011/8/22 <percival.music.ca@gmail.com>:
> Yes, definitely do the pushing stuff in a separate patch. But here's an
> outline:
> 1. update with
> git pull -r
> 2. check you only have 1 patch ready with
> git status

git status shows patches??
Didn't you mean "check that your work is nicely packed in one commit using git log, use 'git rebase -i origin/master' as necessary"?

cheers,
Janek

On Monday, 22 August 2011, 09:49:41, you wrote:
> Yes, definitely do the pushing stuff in a separate patch. But here's an
> outline:
> 1. update with
> git pull -r
> 2. check you only have 1 patch ready with
> git status

That's the step where I like qgit, because it gives you a really good graphical overview over the commit tree, the changed files and the changes themselves. So I can review the exact changes once again. And you also see immediately if you did a "git push" and inadvertently created a merge commit.

Cheers,
Reinhold
--
Reinhold Kainhofer, reinhold@kainhofer.com, http://reinhold.kainhofer.com/
 * Financial & Actuarial Math., Vienna Univ. of Technology, Austria
 * http://www.fam.tuwien.ac.at/, DVR: 0005886
 * LilyPond, Music typesetting, http://www.lilypond.org

Pushed as 5f81429c8f8263eef85b4f7881d243cb9722e971
Details of how to push will be in a separate patch.