On Mon, Jun 4, 2012 at 4:18 PM, Rich Freeman <rich0@g.o> wrote:
> How do you KNOW that the nearest signed descendant actually merged it?
>
> How do you know it wasn't added by a hacker?

Because then the signature for the nearest signed descendant wouldn't
check out (unless it got hacked before he signed it, of course, but in
that case hopefully he wouldn't sign it...).

> Also, when walking the tree keep in mind that there isn't just one
> path in it (with merge commits), and the links are from any particular
> HEAD going back. I'm not convinced that this is impossible, but it
> isn't as trivial as it might seem at first glance.

Well, this only means there might potentially be multiple nearest
signed descendants, but I don't think that's a problem. Feel free to
shoot holes in it, but I think this checks out.

Of course, we'd have to make sure the tip of whatever is pushed is
always signed, but the hook for that should be trivial.

Cheers,

Dirkjan |
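
An added example, not part of the original post: a small Python model of the walk discussed in this thread, run on a constructed history with one merge. The commit names, the graph and the `SIGNED` set are assumptions; in a real repository `SIGNED` would hold only the commits whose signatures verify.

```python
from collections import deque

# Constructed history, stored the way git stores it: child -> parents.
PARENTS = {
    "A": [],
    "B": ["A"],       # unsigned
    "C": ["B"],       # signed, first branch
    "D": ["B"],       # unsigned, second branch
    "E": ["D"],       # signed
    "M": ["C", "E"],  # signed merge commit
    "X": ["M"],       # unsigned commit sitting at the tip
}
SIGNED = {"C", "E", "M"}  # assumption: signatures already verified


def children_of(parents):
    """Invert the parent links; git itself only records child -> parent."""
    kids = {commit: [] for commit in parents}
    for child, plist in parents.items():
        for parent in plist:
            kids[parent].append(child)
    return kids


def nearest_signed_descendants(commit, parents, signed):
    """Walk towards the tips and stop on each path at the first signed commit.

    Returns the set of those commits. A signed commit returns itself.
    An empty set means no signature covers the commit at all.
    """
    kids = children_of(parents)
    found, seen, queue = set(), {commit}, deque([commit])
    while queue:
        cur = queue.popleft()
        if cur in signed:
            found.add(cur)
            continue  # this path is covered, do not walk past the signature
        for kid in kids[cur]:
            if kid not in seen:
                seen.add(kid)
                queue.append(kid)
    return found


def uncovered(parents, signed):
    """Commits with no signed descendant, e.g. an unsigned pushed tip."""
    return sorted(c for c in parents
                  if not nearest_signed_descendants(c, parents, signed))
```

Here `B` has two nearest signed descendants (`C` and `E`), one per path, and the only uncovered commit is the unsigned tip `X`.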