On Mon, Jun 4, 2012 at 10:26 AM, Dirkjan Ochtman <firstname.lastname@example.org> wrote:
> On Mon, Jun 4, 2012 at 4:18 PM, Rich Freeman <email@example.com> wrote:
>> How do you KNOW that the nearest signed descendant actually merged it?
>> How do you know it wasn't added by a hacker?
> Because then the signature for the nearest signed descendant wouldn't
> check out (unless it got hacked before he signed it, of course, but in
> that case hopefully he wouldn't sign it...).
When I do a cvs commit, I don't check the logs to make sure the last
25 commits all look valid. So, why would I expect others to do any
differently in git. I make my changes, I run a git pull (bringing in
the hacked commit on gentoo-x86 master), and then merge/rebase in my
changes, signing my commit (which indicates that what _I_ just
commited is good, not that everything before is good). I am not the
one commiting in hacked files - they were there before I got there.
> Of course, we'd have to make sure the tip of whatever is pushed is
> always signed, but the hook for that should be trivial.
Yup, but the hacker wouldn't run the hook.