Bugzilla – Full Text Bug Listing
| Summary: | Github ip-validation fails with clear-text name but requests Github userid | ||
|---|---|---|---|
| Product: | Community | Reporter: | Markus Karg <markus> |
| Component: | GitHub | Assignee: | Eclipse Webmaster <webmaster> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | major | ||
| Priority: | P3 | CC: | wayne.beaton |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | PC | ||
| OS: | Windows NT | ||
| Whiteboard: | |||
|
Description
Markus Karg
That link points to standard Gerrit documentation. This has nothing to do with the hook we've implemented. Besides, since they use different technology and have different APIs, we have different implementations of the hooks on Gerrit and GitHub. Anyway... AFAICT, it looks like the method (evaluateSignature) that checks the signature considers the signature valid when: * the email address matches the *committer* email address; or * the name matches the *author* GitHub id. The first condition should, I think, be checking the *author* email address. I don't recall matching the GitHub author Id being valid criteria in the requirements, so I'll have to think a bit harder about that. It looks like the implementation also has the flaw that it only checks the first "Signed-off-by". There could, theoretically, be more than one. I'll take a run at a patch. Markus, I can't find a commit in the state you describe in either the git log or any open pull request on jaxrs-api; can verify whether or not the commits in question have different values in the committer and author fields? The ip-validation hook on Github was updated a few months ago. As such I'll close this as resolved, but please reopen if it's still a problem. -M. |