[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
48/66: programming-2022: Distinguish model and implementation.
From: |
Ludovic Courtès |
Subject: |
48/66: programming-2022: Distinguish model and implementation. |
Date: |
Wed, 29 Jun 2022 11:32:03 -0400 (EDT) |
civodul pushed a commit to branch master
in repository maintenance.
commit 72faaa0483393262ca6a766d9abaf900ef25f33e
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Wed Apr 13 07:52:08 2022 +0200
programming-2022: Distinguish model and implementation.
* doc/programming-2022/supply-chain.skb (Authenticating Git Checkouts):
Separate "the model" from the implementation.
---
doc/programming-2022/supply-chain.skb | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/doc/programming-2022/supply-chain.skb
b/doc/programming-2022/supply-chain.skb
index 92b99ce..2d2bf73 100644
--- a/doc/programming-2022/supply-chain.skb
+++ b/doc/programming-2022/supply-chain.skb
@@ -616,7 +616,16 @@ authentication mechanism must be able to deal with those
changes; a
developer’s signature may only be considered valid for the period during
which the developer was officially an authorized committer.])
- (p [To implement that, we came up with the following mechanism and rule:
+ (p [The model we devised for ,(emph [checkout authentication]) can
+be described as ,(emph [in-band commit authorization]). “In-band” means
+that the information necessary to determine whether a commit is
+legitimate—where it was ,(emph [authorized])—is available in the
+repository itself; this check can thus be made off-line, without
+resorting to a third party. Authorization information follows the
+commit graph: the list of authorized signers for a commit is obtained
+,(emph [in the parent commit(s)]).])
+
+ (p [To implement this model, we came up with the following mechanism and
rule:
,(enumerate
(item [The repository contains a ,(tt [.guix-authorizations])
- 33/66: programming-2022: Augment abstract., (continued)
- 33/66: programming-2022: Augment abstract., Ludovic Courtès, 2022/06/29
- 42/66: cise-2022: Improve a couple of references., Ludovic Courtès, 2022/06/29
- 49/66: programming-2022: Fix typos., Ludovic Courtès, 2022/06/29
- 51/66: doc: Add a few DOIs in .sbib files., Ludovic Courtès, 2022/06/29
- 53/66: programming-2022: Address comments from reviewer C., Ludovic Courtès, 2022/06/29
- 58/66: programming-2022: Add DOIs and "Last accessed" notes., Ludovic Courtès, 2022/06/29
- 62/66: programming-2022: More bibliography tweaks., Ludovic Courtès, 2022/06/29
- 63/66: programming-2022: Typographical tweaks., Ludovic Courtès, 2022/06/29
- 30/66: programming-2022: Expand "Background" section., Ludovic Courtès, 2022/06/29
- 43/66: cise-2022: Inline two references., Ludovic Courtès, 2022/06/29
- 48/66: programming-2022: Distinguish model and implementation.,
Ludovic Courtès <=
- 52/66: programming-2022: Clarify QEMU options, as suggested by reviewers., Ludovic Courtès, 2022/06/29
- 65/66: doc: programming-2022: Add PDF., Ludovic Courtès, 2022/06/29
- 24/66: icse-2022: Mention SLSA and Git{Lab,Hub}., Ludovic Courtès, 2022/06/29
- 27/66: icse-2022: Add reviews and response., Ludovic Courtès, 2022/06/29
- 28/66: icse-2022: Repurpose for <Programming> 2022., Ludovic Courtès, 2022/06/29
- 37/66: programming-2022: Improve rendering of in-line 'prog'., Ludovic Courtès, 2022/06/29
- 39/66: programming-2022: Add illustrations., Ludovic Courtès, 2022/06/29
- 40/66: programming-2022: Tweak., Ludovic Courtès, 2022/06/29
- 41/66: doc: Add CiSE article., Ludovic Courtès, 2022/06/29
- 34/66: programming-2022: Clarify bits., Ludovic Courtès, 2022/06/29