[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Fw: Re: Concerns/questions around Software Heritage Archive
From: |
Ryan Prior |
Subject: |
Fw: Re: Concerns/questions around Software Heritage Archive |
Date: |
Sat, 16 Mar 2024 23:40:13 +0000 |
[I intended to CC the following to guix-devel but forgot:]
------- Forwarded Message -------
From: Ryan Prior <rprior@protonmail.com>
Date: On Saturday, March 16th, 2024 at 6:36 PM
Subject: Re: Concerns/questions around Software Heritage Archive
To: Vivien Kraus <vivien@planete-kraus.eu>
>
>
> On Saturday, March 16th, 2024 at 6:13 PM, Vivien Kraus
> vivien@planete-kraus.eu wrote:
>
> > 2. is more difficult, because Guix contributors sometimes change their
> > names too, and a commit reading “update my name” is not the best
> > solution. If I understand correctly, rewriting the history would be
> > understood as a “downgrade attack”, contrary to the ftfy case where the
> > developer could rewrite the history without such consequences. Is my
> > understanding correct?
>
>
> It's only a problem IMO because we make the decision to treat Guix as an
> append-only series of commits and treat any other outcome as a potential
> attack. One alternate solution would be to allow provision of an
> authenticated alternate-history data structure, which indicates a set of (old
> commit hash, new commit hash) tuples going back to the first rewritten commit
> in the history, and the whole thing would be signed by a Guix committer. That
> way, the updating Guix client can rewind history, apply the new commit(s),
> verify that the old chain and new chain match what's provided in the
> alternate-history structure & that its signature is valid. Thus verified, the
> Guix installation could continue without needing to allow a downgrade
> exception.
>
> Perhaps there are much better ways of handling this, but I propose it in
> hopes of clarifying that there are technical solutions which preserve
> integrity while permitting history rewrites in situations where it is
> desirable.
>
> I have requested previously that some commits I've provided be rewritten to
> update my name. In my case, it's because I've sometimes misconfigured my
> email software such that some commits by me are signed just "ryan" or "Ryan
> Prior via Protonmail" or similar, rather than my preference which is "Ryan
> Prior".
>
> In my case this causes me no harm and is simply an annoyance, so when I
> encountered resistance to rewriting the offending commits, I dropped the
> matter, and I still consider it dropped and settled. Even if we developed the
> capability to securely present a rewritten history, I wouldn't demand that
> such be used to address small concerns like mine.
>
> However, I know we have at least two trans Guix contributors. Do they have
> any commits with their deadnames on them? Not that this is an invitation to
> go look; they can tell us if this is a concern worth raising. I include the
> detail to clarify that this is not a distant concern. Perhaps they have been
> silent thus far for the same reason that I have, because the policy against
> rewrites presents too high a barrier? (Or it may not bother them, or maybe
> they used their initials which are the same etc?) In any case I think it
> would be courteous to develop a procedure by which we could remove deadnames
> from old commits, or otherwise remove harmful information from Guix's
> development history, should this become a necessity.
>
> Ryan
- Please hold your horses, (continued)
Re: Concerns/questions around Software Heritage Archive, Ryan Prior, 2024/03/16
- Re: Concerns/questions around Software Heritage Archive, Lars-Dominik Braun, 2024/03/17
- Re: Concerns/questions around Software Heritage Archive, MSavoritias, 2024/03/17
- Re: Concerns/questions around Software Heritage Archive, paul, 2024/03/17
- Re: Concerns/questions around Software Heritage Archive, MSavoritias, 2024/03/17
- Re: Concerns/questions around Software Heritage Archive, Ian Eure, 2024/03/17
- Re: Concerns/questions around Software Heritage Archive, Richard Sent, 2024/03/17
- Re: Concerns/questions around Software Heritage Archive, Tomas Volf, 2024/03/17
- Re: Concerns/questions around Software Heritage Archive, Attila Lendvai, 2024/03/17
contributor uuid (was Re: Concerns/questions around Software Heritage Archive), bae66428a8ad58eafaa98cb0ab2e512f045974ecf4bf947e32096fae574d99c6, 2024/03/20