Re: Git-commits mailing list feed.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 25 Apr 2005, Paul Jakma wrote:

You dont even need it, see my other mail. If:

- the signature is an object and added after the commit object

- tools know that signatures are 'proxies of' or precursors to the
 objects they are signing (which makes sense, a signature by
 definition refers to something else)

- the signature object refers to the object it is signing (eg a
 'Signing <object ID>' header)

Then head can simply be the signature object and tools can find the commit by following the 'Signing' field of the signature (they dont even need to check the signature is valid). No index lookup needed.

You only need the index for historical verification really, and you can always generate an index if needs be. (and have the tools maintain it).

Uh, I have no idea whether verifying a signature of a commit object is sufficient, ie equivalent to signing each file.

commit refers to tree objects, which I presume lists the SHA-1 object IDs of files, but IIRC Linus already described why a signature of the commit object should not be used to trust the rest of commit.. (i'll have to find his mail). If so, an index is required.

regards,
--
Paul Jakma	[email protected]	[email protected]	Key ID: 64A2FF6A
Fortune:
Old programmers never die, they just hit account block limit.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux