Re: Git-commits mailing list feed.
From: Paul Jakma
Date: Sun Apr 24 2005 - 22:48:42 EST
On Mon, 25 Apr 2005, Paul Jakma wrote:
> Uh, I have no idea whether verifying a signature of a commit object is
> sufficient, i.e. equivalent to signing each file.
> commit refers to tree objects, which I presume lists the SHA-1 object IDs of
> files, but IIRC Linus already described why a signature of the commit object
> should not be used to trust the rest of commit.. (I'll have to find his
> mail). If so, an index is required.

Ah, apparently it is sufficient:
Linus:
“Just signing the commit is indeed sufficient to just say "I trust
this commit". But I essentially want to also say what I trust it
_for_ as well.”
So this would work for commit objects.
It would also work for tag objects, if you pointed people at the signature
object rather than the actual tag object.
regards,
--
Paul Jakma paul@xxxxxxxx paul@xxxxxxxxx Key ID: 64A2FF6A
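
Added example, not part of the original message: a Python sketch of why a signature over the commit object alone also covers every file, because the commit names the tree ID and the tree names each blob ID. It uses the object framing of current Git; the file contents, identity line, DEMO_KEY and the HMAC used as a stand-in for a real PGP signature are all constructed assumptions.

```python
import hashlib
import hmac

def git_object(kind: str, body: bytes) -> tuple[str, bytes]:
    """Frame body as current Git does (b"<kind> <len>\\0" + body); return (hex ID, raw)."""
    raw = f"{kind} {len(body)}".encode() + b"\0" + body
    return hashlib.sha1(raw).hexdigest(), raw

def build_commit(files: dict[str, bytes], message: str) -> bytes:
    """Raw commit object for a flat directory of regular files."""
    tree = b""
    for name in sorted(files):  # flat ASCII names, so a plain sort matches Git's order
        blob_id, _ = git_object("blob", files[name])
        # Tree entry: mode, name, NUL, then the 20-byte binary blob ID.
        tree += b"100644 " + name.encode() + b"\0" + bytes.fromhex(blob_id)
    tree_id, _ = git_object("tree", tree)
    who = "Example Dev <dev@example.invalid> 1114400000 +0000"  # constructed identity
    body = f"tree {tree_id}\nauthor {who}\ncommitter {who}\n\n{message}\n"
    return git_object("commit", body.encode())[1]

DEMO_KEY = b"constructed-demo-key"  # stand-in for a signer's private key

def sign(commit_raw: bytes) -> str:
    """Stand-in signature (HMAC-SHA256) computed over the commit object bytes only."""
    return hmac.new(DEMO_KEY, commit_raw, hashlib.sha256).hexdigest()

def verify(files: dict[str, bytes], message: str, signature: str) -> bool:
    """Rebuild the commit from the files at hand and check the signature against it."""
    return hmac.compare_digest(sign(build_commit(files, message)), signature)

def demo() -> tuple[bool, bool]:
    """Return (original files verify, tampered files verify)."""
    files = {
        "Makefile": b"all:\n\tcc -o hello hello.c\n",
        "hello.c": b"int main(void){return 0;}\n",
    }
    sig = sign(build_commit(files, "initial import"))
    # Change one byte of one file: blob ID, tree ID and commit bytes all change.
    tampered = dict(files, **{"hello.c": b"int main(void){return 1;}\n"})
    return verify(files, "initial import", sig), verify(tampered, "initial import", sig)

if __name__ == "__main__":
    print(demo())
```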