Re: DOC: Revise CG 3.4 Commit Access (issue 4898058)
Pushed as 5f81429c8f8263eef85b4f7881d243cb9722e971 Details of how to push will be in a seperate patch. http://codereview.appspot.com/4898058/ ___ lilypond-devel mailing list lilypond-devel@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-devel
Re: DOC: Revise CG 3.4 Commit Access (issue 4898058)
Am Monday, 22. August 2011, 09:49:41 schrieben Sie: > Yes, definitely do the pushing stuff in a separate patch. But here's an > outline: > 1. update with >git pull -r > 2. check you only have 1 patch ready with >git status That's the step where I like qgit, because it gives you a really good graphical overview over the commit tree, the changed files and the changes itself. So I can review the exact changes once again. And you also see immediately if you did a "git push" and inadvertedly created a merge commit. Cheers, Reinhold -- -- Reinhold Kainhofer, reinh...@kainhofer.com, http://reinhold.kainhofer.com/ * Financial & Actuarial Math., Vienna Univ. of Technology, Austria * http://www.fam.tuwien.ac.at/, DVR: 0005886 * LilyPond, Music typesetting, http://www.lilypond.org ___ lilypond-devel mailing list lilypond-devel@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-devel
Re: DOC: Revise CG 3.4 Commit Access (issue 4898058)
2011/8/22 : > Yes, definitely do the pushing stuff in a separate patch. But here's an > outline: > 1. update with > git pull -r > 2. check you only have 1 patch ready with > git status git status shows patches?? Didn't you mean "check that your work is nicely packed in one commit using git log, use 'git rebase -i origin/master' as necessary"? cheers, Janek ___ lilypond-devel mailing list lilypond-devel@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-devel
Re: DOC: Revise CG 3.4 Commit Access (issue 4898058)
Yes, definitely do the pushing stuff in a separate patch. But here's an outline: 1. update with git pull -r 2. check you only have 1 patch ready with git status 3. upload your changes with git push http://codereview.appspot.com/4898058/ ___ lilypond-devel mailing list lilypond-devel@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-devel
Re: DOC: Revise CG 3.4 Commit Access (issue 4898058)
Regarding the addition of instructions on how to push, I'd like to do that in a separate patch, unless an experienced developer cares to send me a rough sketch, point form perhaps, which I could then repackage in documentation format. http://codereview.appspot.com/4898058/ ___ lilypond-devel mailing list lilypond-devel@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-devel
Re: DOC: Revise CG 3.4 Commit Access (issue 4898058)
On 2011/08/18 11:42:06, Reinhold wrote: On 2011/08/18 11:21:22, PhilEHolmes wrote: > LGTM too. My suggestion would be to add some instructions about actually > pushing. It took me a while to convince myself that all that appears to be > needed is to have an unpushed commit and type "git push". Yes, it' s really that simple ;-) We should add the advice, though, to do a "git pull -r" immediately before (to get the latest changes from the server), because otherwise the "git push" might fail if someone else has pushed something to master meanwhile. Yes, i'd very much like to see some information about this. For example i'm not wondering what will happen if i call 'git push' while being an non-master branch. I've looked at git manual, but it's not immediately helpful; i'd have to read much more about git first to understand it. http://codereview.appspot.com/4898058/ ___ lilypond-devel mailing list lilypond-devel@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-devel
Re: DOC: Revise CG 3.4 Commit Access (issue 4898058)
Am Friday, 19. August 2011, 05:11:30 schrieben Sie: > On Fri, Aug 19, 2011 at 03:21:03AM +0200, Reinhold Kainhofer wrote: > > Am Friday 19 August 2011, 02:29:22 schrieb percival.music...@gmail.com: > > > On 2011/08/18 11:42:13, Reinhold wrote: > > > > Why did you change all dsa to rsa? > > > > It's not only savannah, it's basically everone who knows a little bit > > about security... > > Wait, I'm confused again, so I looked it up. > http://savannah.gnu.org/maintenance/SshAccess > says "we recommend using only RSA keys, not DSA". > > Does that page give incorrect advice? Ah, okay, it's because of the bad random number generator... AFAIK, it's true that with DSA implementation there are much more things that one can mess up and loose security. That's their argument. On the other hand, longer rsa keys have been broken than dsa. Theory vs. practice... Anyway, since Debian apparently shipped a bad random number generator (causing DSA keys to be weak there), some projects like Debian disabled access for dsa keys altogether. So, I retract my objections to rsa keys. Let's change the CG to recomment RSA keys, instead. Cheers, Reinhold -- -- Reinhold Kainhofer, reinh...@kainhofer.com, http://reinhold.kainhofer.com/ * Financial & Actuarial Math., Vienna Univ. of Technology, Austria * http://www.fam.tuwien.ac.at/, DVR: 0005886 * LilyPond, Music typesetting, http://www.lilypond.org ___ lilypond-devel mailing list lilypond-devel@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-devel
Re: DOC: Revise CG 3.4 Commit Access (issue 4898058)
Reviewers: Graham Percival, phileholmes_googlemail.com, Reinhold, reinhold_kainhofer.com, graham_percival-music.ca, Message: On 2011/08/19 03:11:15, graham_percival-music.ca wrote: On Fri, Aug 19, 2011 at 03:21:03AM +0200, Reinhold Kainhofer wrote: > Am Friday 19 August 2011, 02:29:22 schrieb percival.music...@gmail.com: > > On 2011/08/18 11:42:13, Reinhold wrote: > > > Why did you change all dsa to rsa? > It's not only savannah, it's basically everone who knows a little bit about > security... Wait, I'm confused again, so I looked it up. http://savannah.gnu.org/maintenance/SshAccess says "we recommend using only RSA keys, not DSA". Does that page give incorrect advice? I know just enough about security to know that I don't know about security. I've asked my brother for advice, but ultimately I would recommend starting a discussion with the savannah people if you think they are giving flaws encryption advice. Cheers, - Graham A bit of Googling seems to suggest that while DSA and RSA are generally equivalent in strength for the same key size, DSA is limited to 1024-bit max, while RSA allows up to 4096. Keys of 2048 bits are probably secure for the reasonable future, and are the RSA default. See, for example http://en.wikipedia.org/wiki/Rsa#Security_and_practical_considerations Description: DOC: Revise CG 3.4 Commit Access Please review this at http://codereview.appspot.com/4898058/ Affected files: M Documentation/contributor/source-code.itexi Index: Documentation/contributor/source-code.itexi diff --git a/Documentation/contributor/source-code.itexi b/Documentation/contributor/source-code.itexi index 60c8ca2c123ced3a6816c8241ba92ef831866712..831dbc2f0e1fecd6102a6498d680ff46300635b4 100644 --- a/Documentation/contributor/source-code.itexi +++ b/Documentation/contributor/source-code.itexi @@ -1422,15 +1422,15 @@ Contributor of} on your @qq{My Group Membership} page. @item -Generate an SSH @q{dsa} key pair. Enter the following at the +Generate an SSH @q{rsa} key pair. Enter the following at the command prompt: @example -ssh-keygen -t dsa +ssh-keygen -t rsa @end example When prompted for a location to save the key, press to -accept the default location (@file{~/.ssh/id_dsa}). +accept the default location (@file{~/.ssh/id_rsa}). Next you are asked to enter an optional passphrase. On most systems, if you use a passphrase, you will likely be prompted for @@ -1442,7 +1442,7 @@ though you may find it tedious to keep re-entering it. You can change/enable/disable your passphrase at any time with: @example -ssh-keygen -f ~/.ssh/id_dsa -p +ssh-keygen -f ~/.ssh/id_rsa -p @end example Note that the GNOME desktop has a feature which stores your @@ -1457,14 +1457,14 @@ gconftool-2 --set -t bool \ @end example After setting up your passphrase, your private key is saved as -@file{~/.ssh/id_dsa} and your public key is saved as -@file{~/.ssh/id_dsa.pub}. +@file{~/.ssh/id_rsa} and your public key is saved as +@file{~/.ssh/id_rsa.pub}. @item -Register your public SSH @q{dsa} key with Savannah. From the +Register your public SSH @q{rsa} key with Savannah. From the @qq{My Account Configuration} page, click on @qq{Edit SSH Keys}, -then paste the contents of your @file{~/.ssh/id_dsa.pub} file into +then paste the contents of your @file{~/.ssh/id_rsa.pub} file into one of the @qq{Authorized keys} text fields, and click @qq{Update}. @@ -1485,7 +1485,7 @@ git config remote.origin.url \ @end example @noindent -where @var{user} is your username on Savannah. +replacing @var{user} with your Savannah username. @item @@ -1566,9 +1566,14 @@ git config push.default matching @noindent Then @code{git@tie{}push} should work as before. For more details, consult the @code{git@tie{}push} man page. -@end enumerate +@item +Repeat the steps from generating an RSA key through to testing +your commit access, for each machine from which you will be +making commits. +@end enumerate + @subsubheading Technical details @itemize ___ lilypond-devel mailing list lilypond-devel@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-devel
Re: DOC: Revise CG 3.4 Commit Access (issue 4898058)
On Fri, Aug 19, 2011 at 03:21:03AM +0200, Reinhold Kainhofer wrote: > Am Friday 19 August 2011, 02:29:22 schrieb percival.music...@gmail.com: > > On 2011/08/18 11:42:13, Reinhold wrote: > > > Why did you change all dsa to rsa? > It's not only savannah, it's basically everone who knows a little bit about > security... Wait, I'm confused again, so I looked it up. http://savannah.gnu.org/maintenance/SshAccess says "we recommend using only RSA keys, not DSA". Does that page give incorrect advice? I know just enough about security to know that I don't know about security. I've asked my brother for advice, but ultimately I would recommend starting a discussion with the savannah people if you think they are giving flaws encryption advice. Cheers, - Graham ___ lilypond-devel mailing list lilypond-devel@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-devel
Re: DOC: Revise CG 3.4 Commit Access (issue 4898058)
Am Friday 19 August 2011, 02:29:22 schrieb percival.music...@gmail.com: > On 2011/08/18 11:42:13, Reinhold wrote: > > Why did you change all dsa to rsa? > > Really?! this whole topic began because somebody said that savannah > requested that people use dsa because it was more secure. It's not only savannah, it's basically everone who knows a little bit about security... > I figured that if they recommended dsa, we should tell people to use > that to be polite since we're using their service... but if they're > giving out bad advice, then we should get in touch with them. No, they got it right and you got it right. It's just the patch that got it wrong (replacing all dsa by rsa and recommending that). Cheers, Reinhold -- -- Reinhold Kainhofer, Vienna University of Technology, Austria email: reinh...@kainhofer.com, http://reinhold.kainhofer.com/ * Financial and Actuarial Mathematics, TU Wien, http://www.fam.tuwien.ac.at/ * Edition Kainhofer Music Publishing, http://www.edition-kainhofer.com/ * LilyPond music typesetting software, http://www.lilypond.org/ ___ lilypond-devel mailing list lilypond-devel@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-devel
Re: DOC: Revise CG 3.4 Commit Access (issue 4898058)
On 2011/08/18 11:42:13, Reinhold wrote: Documentation/contributor/source-code.itexi:1425: Generate an SSH @q{rsa} key pair. Enter the following at the Why did you change all dsa to rsa? RSA is the older encryption technology, which is known not to be as secure as DSA... Really?! this whole topic began because somebody said that savannah requested that people use dsa because it was more secure. Could somebody check the savannah docs, maybe look at some pages about encryption to find a more definitive reference (not that I don't trust Reinhold :), and then maybe discuss it with the savannah admins? I figured that if they recommended dsa, we should tell people to use that to be polite since we're using their service... but if they're giving out bad advice, then we should get in touch with them. http://codereview.appspot.com/4898058/ ___ lilypond-devel mailing list lilypond-devel@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-devel
Re: DOC: Revise CG 3.4 Commit Access (issue 4898058)
http://codereview.appspot.com/4898058/diff/1/Documentation/contributor/source-code.itexi File Documentation/contributor/source-code.itexi (right): http://codereview.appspot.com/4898058/diff/1/Documentation/contributor/source-code.itexi#newcode1425 Documentation/contributor/source-code.itexi:1425: Generate an SSH @q{rsa} key pair. Enter the following at the Why did you change all dsa to rsa? RSA is the older encryption technology, which is known not to be as secure as DSA... http://codereview.appspot.com/4898058/diff/1/Documentation/contributor/source-code.itexi#newcode1574 Documentation/contributor/source-code.itexi:1574: making commits. On 2011/08/18 02:45:05, Graham Percival wrote: An alternate method would be to put the same RSA private+public key on every machine. Yes, that's actually what I'm using, too. You might mention this as something like "... or simply copy the .ssh/id_dsa and .ssh/id_dsa.pub files to each machine". http://codereview.appspot.com/4898058/ ___ lilypond-devel mailing list lilypond-devel@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-devel
Re: DOC: Revise CG 3.4 Commit Access (issue 4898058)
On 2011/08/18 11:21:22, PhilEHolmes wrote: LGTM too. My suggestion would be to add some instructions about actually pushing. It took me a while to convince myself that all that appears to be needed is to have an unpushed commit and type "git push". Yes, it' s really that simple ;-) We should add the advice, though, to do a "git pull -r" immediately before (to get the latest changes from the server), because otherwise the "git push" might fail if someone else has pushed something to master meanwhile. http://codereview.appspot.com/4898058/ ___ lilypond-devel mailing list lilypond-devel@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-devel
Re: DOC: Revise CG 3.4 Commit Access (issue 4898058)
LGTM too. My suggestion would be to add some instructions about actually pushing. It took me a while to convince myself that all that appears to be needed is to have an unpushed commit and type "git push". http://codereview.appspot.com/4898058/ ___ lilypond-devel mailing list lilypond-devel@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-devel