-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add new "proof reissue" command #493
Conversation
To test the code I reissued all 1500+ reviews I had available. That worked fine and I added protection against this "reissue all of them" mode. One corner case though: The iterator returned by One review for this crate has the git "revision" field omitted. If the command What happens is that one of the two reviews then gets reissued again on every "proof reissue" invocation. I tried to debug the behaviour for like two hours but I guess it's better if someone with real knowledge of the internal data structures comments on this minor glitch. |
btw: I noticed #[serde(skip_serializing_if = "proof::equals_default", default)]
pub revision: String,
#[serde(
rename = "revision-type",
skip_serializing_if = "proof::equals_default_revision_type",
default = "proof::default_revision_type"
)]
pub revision_type: String, while pub revision: String,
#[serde(
rename = "revision-type",
skip_serializing_if = "proof::equals_default_revision_type",
default = "proof::default_revision_type"
)] If I remove I must humbly admit that I have no idea what I'm changing there. 🙈 |
👍 on the idea. One thing that would be probably good to have is adding a prefix to the comment about the whole thing being "reissued". Or possibly maybe an additional field for the purpose altogether, somehow linking to the previous version. I need to find some more time to look at the issues you've pointed out. |
Ok, I think I figured it out by giving the code a fresh look: // pkg_review_id by package information, nicely grouped
package_reviews:
BTreeMap<Source, BTreeMap<Name, BTreeMap<Version, HashSet<PkgVersionReviewId>>>>,
/// * author's ID
/// * pkg source
/// * pkg name
/// * pkg version
pub struct PkgVersionReviewId {
from: Id,
package_version_id: proof::PackageVersionId,
} Basically the HashMap stores just one review from the same crev id for the same How should this be handled when reissuing existing reviews? The current PoC implementation calling One way to fix this the easy way is to restrict all proofs-to-be-reissued to the same source id. This would avoid the multiple reviews refer to the same Regarding the other feedback:
Good idea. The information is already in the commit message and it would be way more useful to have it in the actual proof. Proofs don't seem to have a uuid, but the Thanks for your feedback so far and please no rush with this. I might need the feature in many months time only, so lots of time to cook this further. 😀 |
May be like this in the proof yaml format: ----- BEGIN CREV PROOF -----
kind: package review
version: -1
date: 2022-08-27T20:09:44.970188805+02:00
from:
id-type: crev
id: 89j3NY-J-XNtcLZeTgOy5Vp1gd1rYPHlCGoytg9wYuQ <-- current id
url: https://github.com/owner/repo.git
reissue-for:
id-type: crev
id: 6E-JFdHO008HicLRuRBi9TSedIhdscjOAfpokc5Jl0U <-- old id
url: https://github.com/other-owner/some-repo.git
date: 2020-05-25T20:42:42.970188805+02:00 <-- previous review date
..
comment: |-
Minor changes compared to previous version.
[Review was reissued by id 89j3NY-J-XNtcLZeTgOy5Vp1gd1rYPHlCGoytg9wYuQ] Not sure if modifying the comment is a good idea if the information is in the meta data already. The metadata is probably the way. |
In crev There's no need to re-issue an old review version, only the most recent one, IMO. The old versions are to forgotten anyway. |
Reviewes can be keyed only by their checksum to save on space. I would probably go with something more generic than
? I could imagine some people making duplicates for some other reasons so a human readable reason is needed. I'm happy to keep bikesheading the exact names. |
I've implemented the Referencing the proof digest was a pita to implement since the existing data structure The CLI is not very friendly to search by proof digest, so I also included the crev id of the original proof for the human reader. Storing the proof digest now is more or less an investment into the future. The --author and --comment arguments are mandatory now. Making --author mandatory will avoid the collision when reissuing multiple reviews for the same crate+version from multiple source crev ids. If one needs to reissue reviews for multiple crev ids, I don't see a problem with them calling the tool for each crev id. This is the output for a reissued review: ----- BEGIN CREV PROOF -----
kind: package review
version: -1
date: 2022-08-28T11:19:35.643176546+02:00
from:
id-type: crev
id: 89j3NY-J-XNtcLZeTgOy5Vp1gd1rYPHlCGoytg9wYuQ
url: https://github.com/intra2net/crev-proofs-playground.git
original:
id-type: crev
id: FYlr8YoYGVvDwHQxqEIs89reKKDy-oWisoO0qXXEfHE
proof_digest: 3t1MkzxOO_ZY_bt-r5oVeqZUMVS2of0bb7rZK6_xqE0
comment: Reissue to replace compromised id from stolen laptop
package:
source: https://crates.io
name: default
version: 0.1.2
digest: YuxzyXhCHZYMi4__Hj_hCzkQyxRLrZjDqL8usLqA4QY
review:
thoroughness: high
understanding: high
rating: strong
comment: |-
I'm the author. And this crate is 3 lines of trivial code.
----- SIGN CREV PROOF -----
FimnMpCGMKrjid-q43d_rQ2UQxP4HoTbEALghfw4SwOCoD0XZ9_JyvHc8ICG1OFYq7_nPLvvQ_SZcUZODWEdAQ
----- END CREV PROOF ----- This is how the generated git commit message looks like:
|
There's one (new) ergonomic problem with the The questions is: Do we want to keep the This is an example of such an overwrite: ----- BEGIN CREV PROOF -----
kind: package review
version: -1
date: 2022-08-28T11:40:06.009446836+02:00
from:
id-type: crev
id: 89j3NY-J-XNtcLZeTgOy5Vp1gd1rYPHlCGoytg9wYuQ
url: https://github.com/intra2net/crev-proofs-playground.git
original:
id-type: crev
id: FYlr8YoYGVvDwHQxqEIs89reKKDy-oWisoO0qXXEfHE
proof_digest: 3t1MkzxOO_ZY_bt-r5oVeqZUMVS2of0bb7rZK6_xqE0
comment: Reissue to replace compromised id from stolen laptop
package:
source: https://crates.io
name: default
version: 0.1.2
digest: YuxzyXhCHZYMi4__Hj_hCzkQyxRLrZjDqL8usLqA4QY
review:
thoroughness: high
understanding: high
rating: strong
comment: |-
Just hangin' out.
----- SIGN CREV PROOF -----
jg7aU8fueiBmVfU3tR17nz3UWVCFRUGfzmVm-sCx6KXtDzXwtMLY_3QP4s-ffJQ2xUtGcaqhMg9aXF1jenveDw
----- END CREV PROOF ----- I detected this behaviour by chance while testing the new feature. |
An overwrite would no longer be a straight re-signing of the original, I think, so probably no need preserve |
Maybe just |
Sorry, for throwing you a curveball, but that |
ok, thanks, I'll make sure to clear it on the next improvement round. |
I thought including the "proof-" prefix would help people not to mistake it for the digest of the crate files. '-' as separator is a good idea. Given that one can see the "digest:" below "package:" in relative distance in the yaml file, I'm not sure if it's an issue at all since people will notice they will differ for sure. So if you prefer the shorter field name, we can go with that. |
that explains a few things for me ^^ I mentioned this here #493 (comment) at the end: "Proofs don't seem to have a uuid, but the So I was looking for a unique identifier and somehow mistook Signature for it since it's used in a lot of places in the code. 😁 I will have to stop working on this soon for a while (AFK) but I will come back to this feature since it's the missing puzzle piece for organization use (for me). May be I get lucky and the ProofDb is refactored from Signature to Digest as key by then. Please don't feel rushed or pressured though. I don't have any problem rebasing my code later on and throw some parts away. That's normal development process and the knowledge I gained from the inner workings let me to fix up #495 in almost no time. |
5a1edba
to
1d0f1b7
Compare
Implemented this now along with the "proof-digest" field rename. I've rebased the branch on master but didn't squash the commits yet. |
new mapping table has been added. 😁 I also introduced a newtype proof::Digest which can be used in more places in the future and won't be mistaken for a package digest by the code. Besides may be bikeshedding about some naming or console output here and there I think that should complete the feature? |
Everything is perfect. It's just the document format bikesheding. I'm looking at:
And maybe we should remove As for "proof digest", maybe just |
the original crev id might help a human fellow to use "proof find" and locate the original review. As it's not too important and the tooling around "search for proof digest" might improve in the future, I've axed it.
good idea. This is the output from the latest code:
I'm going to clean up the branch now. |
Will be used by upcoming "proof reissue" command to look up the proof digest.
This commands allows to find existing proofs and sign them again with a different id. This comes in handy when an id is going be revoked but the trust of the existing reviews should be retained by a new id. Scenarios: - Old id got compromised - Person leaves an organization, so organization can reissue existing reviews using a different id to maintain trust level.
89cb3a5
to
3ecb2eb
Compare
Thank you! |
PoC implementation for this discussion: #492
"How to deal with a person leaving an organization?"
This commands allows to find existing proofs
and sign them again with a different id.
This comes in handy when an id is going be revoked but
the trust of the existing reviews should be retained by a new id.
Scenarios:
existing reviews using a different id to maintain trust level.
Checklist:
cargo +nightly fmt --all
CHANGELOG.md
if applicableCode is originally based upon the "proof find" code.