[Kde-scm-interest] Distributed model VS accountability
Thiago Macieira
thiago at kde.org
Fri Nov 23 16:06:11 CET 2007
On Thursday 22 November 2007 22:58:29 Robert Wohlrab wrote:
> Let's do a "git-config user.name \"Aaron Seigo\"" and a "git-config
> user.email \"aseigo at olympusproject.org\"" and now do some commits with some
> nice, hidden security holes in it. Now change your name and mail back, do
> some nice double checked commits and push it to the official server (or let
> somebody else fetch).
> Some months later, Slashdot will have a news item about "KDE allows everyone to
> get root access and Aaron Seigo was it".
>
> Now let the discussion begin.
Yes, that's what I meant.
Here's an example:
$ cd kdelibs
$ git pull
$ [add questionable code]
$ GIT_COMMITTER_NAME="Thomas Zander" \
GIT_COMMITTER_EMAIL=zander at kde.org \
GIT_AUTHOR_NAME="Thomas Zander" \
GIT_AUTHOR_EMAIL=zander at kde.org \
git commit -m "Questionable commit"
$ git cat-file -p HEAD
tree 17e9962ec1e7a483d95b295739dcc2d5a24fadac
parent e4313d5f83056b15d432bbb3c7a964e1741fd444
author Thomas Zander <zander at kde.org> 1195830248 +0100
committer Thomas Zander <zander at kde.org> 1195830248 +0100
Questionable commit
$ git push
After that push, how can one tell that it was I who sent the questionable
commit, not Thomas?
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
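
An added example, not part of the original message or of any KDE tooling: the author and committer lines shown by git cat-file are free text chosen by whoever creates the commit, so one way to keep accountability is for the server to log the account that authenticated for each push beside the identity each commit claims. The account names, the example.org addresses, the ACCOUNTS table and the sample commit are constructed for illustration; a mismatch is a flag for review, since pushing someone else's commits can be legitimate.

```python
import re

# Constructed mapping: authenticated server account -> e-mail identities it owns.
ACCOUNTS = {
    "alice": {"alice@example.org"},
    "bob": {"bob@example.org"},
}

# Matches the identity lines of a commit object as printed by `git cat-file -p`.
IDENT = re.compile(r"^(author|committer) (.*) <([^>]*)> (\d+) ([+-]\d{4})$")

def parse_commit(raw):
    """Split a raw commit into its claimed identities and its message."""
    headers, _, message = raw.partition("\n\n")
    info = {"message": message.strip()}
    for line in headers.split("\n"):
        m = IDENT.match(line)
        if m:
            info[m.group(1)] = {"name": m.group(2), "email": m.group(3).lower()}
    return info

def audit_push(pusher, raw_commits):
    """Return one log record per pushed commit, tied to the authenticated pusher."""
    allowed = ACCOUNTS.get(pusher, set())
    records = []
    for raw in raw_commits:
        c = parse_commit(raw)
        claimed = c.get("committer", {}).get("email", "")
        records.append({
            "pusher": pusher,  # known from authentication, not from the commit
            "claimed_committer": claimed,
            "claimed_author": c.get("author", {}).get("email", ""),
            "mismatch": claimed not in allowed,
        })
    return records

# Constructed commit shaped like the cat-file output in the message above:
# it claims to be Bob's, but in this scenario it arrives in a push from "alice".
SPOOFED = "\n".join([
    "tree " + "1" * 40,
    "parent " + "2" * 40,
    "author Bob Example <bob@example.org> 1195830248 +0100",
    "committer Bob Example <bob@example.org> 1195830248 +0100",
    "",
    "Questionable commit",
    "",
])

if __name__ == "__main__":
    for record in audit_push("alice", [SPOOFED]):
        print(record)
```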