Wireshark-dev: Re: [Wireshark-dev] Git mirror issues

From: Balint Reczey <balint@xxxxxxxxxxxxxxx>
Date: Fri, 08 Nov 2013 14:27:35 +0100
Hi,

On 11/07/2013 11:59 PM, Gerald Combs wrote:
> A while back Erwin Rol noticed that tags weren't showing up in the git
> mirror[1]. I finally had a chance to look into the issue in detail and
> as it turns out some transactions were failing due to a stale lock file.
> After cleaning up the lock file and running 'git fsck' the missing tags
> have appeared.
> 
> I created a new SVN→Git export from scratch for validation. It is
> available at
> 
>   http://code.wireshark.org/git/wireshark-rebase-2013-11-07
> 
> Its history differs quite a bit from the main git mirror, but this
> appears to be due to changes in the identity map (SVN userernames to Git
> email addresses) which were made over the past year.
> 
> The file and directory contents appear to be the same. I compared a
> fresh SVN checkout with a clone of the old and new git mirrors and they
> were all identical except for the VCS metainformation.
> 
> It would be nice to replace the current mirror with a fresh export but
> it looks like that might cause problems. If I run the following:
> 
>   git clone http://code.wireshark.org/git/wireshark ws-git-test
>   cd ws-git-test
>   git remote set-url origin \
>     http://code.wireshark.org/git/wireshark-rebase-2013-11-07
> 
> Then 'git pull' produces a lot of errors but 'git pull --rebase' seems
> to work fine.
> 
> If I *did* freshen the git mirror, would having to rebase cause any
> undue problems for any git users?
Theoretically rebasing private branches should not cause big headaches
to users since the content is the same as the commit they are rebasing
from, but if they forked off from their private brances those branches
have to be rebased as well and this is not handled automatically by git.
Not to mention the merges across private branches.
If we stay with the current git mirror we only have 102 commits of 3
(4?) people which list only usernames and not real life names:
rbalint@chaos:~/projects/wireshark.git$ git log --format=%an
origin/master | grep -v ' ' | wc -l
106

rbalint@chaos:~/projects/wireshark.git$ git log --format=%an
origin/master | grep -v ' ' | sort | uniq
anonsvn
hannes
pascal
ruengeler

I see very little value in fixing the author names retroactively but I
see much bigger potential pain in replacing the git commits.

Speaking of the Git repo it would be nice to have the tags signed by
your key to make attacks on the repo content harder.
Currently both the anonymous svn and git repos allow MITM attacks
against people using them.

Cheers,
Balint


Attachment: signature.asc
Description: OpenPGP digital signature