Hash history comments and sign them with the author's personal key. #6004
+912
−163
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
It seems to work now.
|
Some tests with 'continue-on-error: true' have failed:
Created by continue-on-error-comment |
Contributor
|
We need a passphrase option here, right? Or what's the standard |
Member
Author
Hrmm, this is a deep rabbit hole to go down that adds a ton of work;
I was planning on having ucm manage these complete for the user as basic EdDSA keys, rather than having the user configure their own keys; thus it's basically treated the same as your Share token, but with the added ability of cryptographic signing and a public key. Do you think passphrases or the other mentioned features are table-stakes? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
Adds a migration which hashes and signs all of a codebase's history comments, as a step towards syncing them with Share.
Implementation approach and notes
Adds a Migration which:
credentials.jsonfile.TODO:
Interesting/controversial decisions
It's hard to know whether personal keys are overkill or not, while it would likely be possible to get away with just Share auth in the short term, I don't think it's really sound in the presence of multiple codeservers; I opted to implement personal keys because I believe I'll get mileage out of them in the future, e.g. they can be used for things like service-account auth in CI and such.
Test coverage
I tested the migration by creating some comments on a trunk build and running the migration on it, then creating some new comments.
Loose ends
Next up is to implement the comment sync APIs.