Gentoo Archives: gentoo-dev

From: Dirkjan Ochtman <djc@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Git braindump: 1 of N: merging & git signing
Date: Mon, 04 Jun 2012 14:28:19
Message-Id: CAKmKYaA=+-3qe=SRs=u7rY3=08Wjo8H6jStm2bLda2PBNSx7fw@mail.gmail.com
In Reply to: Re: [gentoo-dev] Git braindump: 1 of N: merging & git signing by Rich Freeman
On Mon, Jun 4, 2012 at 4:18 PM, Rich Freeman <rich0@g.o> wrote:
> How do you KNOW that the nearest signed descendant actually merged it? > > How do you know it wasn't added by a hacker?
Because then the signature for the nearest signed descendant wouldn't check out (unless it got hacked before he signed it, of course, but in that case hopefully he wouldn't sign it...).
> Also, when walking the tree keep in mind that there isn't just one > path in it (with merge commits), and the links are from any particular > HEAD going back.  I'm not convinced that this is impossible, but it > isn't as trivial as it might seem at first glance.
Well, this only means there might potentially be multiple nearest signed descendants, but I don't think that's a problem. Feel free to shoot holes in it, but I think this checks out. Of course, we'd have to make sure the tip of whatever is pushed is always signed, but the hook for that should be trivial. Cheers, Dirkjan

Replies

Subject Author
Re: [gentoo-dev] Git braindump: 1 of N: merging & git signing Rich Freeman <rich0@g.o>