Gentoo Archives: gentoo-dev

From: Rich Freeman <rich0@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Git braindump: 1 of N: merging & git signing
Date: Mon, 04 Jun 2012 14:19:49
Message-Id: CAGfcS_mkN9ZSvJcSUaVf7=+hRpgKeQ0k97YXo4eqAGZQ-3LOYA@mail.gmail.com
In Reply to: Re: [gentoo-dev] Git braindump: 1 of N: merging & git signing by Dirkjan Ochtman
On Mon, Jun 4, 2012 at 9:48 AM, Dirkjan Ochtman <djc@g.o> wrote:
> > You simply walk the tree from root to tip. When you encounter an > unsigned changeset, the nearest signed descendant is responsible for > merging that changeset. >
How do you KNOW that the nearest signed descendant actually merged it? How do you know it wasn't added by a hacker? Also, when walking the tree keep in mind that there isn't just one path in it (with merge commits), and the links are from any particular HEAD going back. I'm not convinced that this is impossible, but it isn't as trivial as it might seem at first glance. Rich

Replies

Subject Author
Re: [gentoo-dev] Git braindump: 1 of N: merging & git signing Dirkjan Ochtman <djc@g.o>