Gentoo Archives: gentoo-dev

From: Rich Freeman <rich0@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Git braindump: 1 of N: merging & git signing
Date: Mon, 04 Jun 2012 13:41:34
Message-Id: CAGfcS_=VRi=7n_2rCWLUZUP-HT8h1T6_YfP-oySRUZfWadoc=A@mail.gmail.com
In Reply to: Re: [gentoo-dev] Git braindump: 1 of N: merging & git signing by Dirkjan Ochtman
On Mon, Jun 4, 2012 at 8:45 AM, Dirkjan Ochtman <djc@g.o> wrote:
> > Well, it doesn't seem like a big deal IF there's an explicit merge > commit that's signed by a dev.
I'm not sure about that. If you were verifying a tree, how would you identify which commits were merged in by what dev, using an automated algorithm? The only thing the merge commit contains is a list of two parents, and a tree. It doesn't say which one is which, unless we can rely on their order. Now, all those intermediate commits were never actually published via rsync, so their integrity isn't a direct issue. However, I'm not sure how easy automated verification would be. Rich

Replies

Subject Author
Re: [gentoo-dev] Git braindump: 1 of N: merging & git signing Dirkjan Ochtman <djc@g.o>