On Mon, Jun 4, 2012 at 4:18 PM, Rich Freeman <firstname.lastname@example.org> wrote:
> How do you KNOW that the nearest signed descendant actually merged it?
> How do you know it wasn't added by a hacker?

Because then the signature for the nearest signed descendant wouldn't
check out (unless it got hacked before he signed it, of course, but in
that case hopefully he wouldn't sign it...).

> Also, when walking the tree keep in mind that there isn't just one
> path in it (with merge commits), and the links are from any particular
> HEAD going back. I'm not convinced that this is impossible, but it
> isn't as trivial as it might seem at first glance.

Well, this only means there might potentially be multiple nearest
signed descendants, but I don't think that's a problem. Feel free to
shoot holes in it, but I think this checks out.
Of course, we'd have to make sure the tip of whatever is pushed is
always signed, but the hook for that should be trivial.
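
The walk discussed in this message, as an added example that is not part of the original e-mail or of any project's code: for a given commit it follows the links toward the tips and stops each path at the first signed commit, so a history with merges can yield several nearest signed descendants, and a commit with none sits under an unsigned tip. The commit names, the graph and the `SIGNED` set are constructed, and signature validity is assumed to have been checked elsewhere.

```python
from collections import deque

# Constructed sample history (not from the thread): commit -> parents,
# with links pointing from child to parent as in git.
PARENTS = {
    "A": [],
    "B": ["A"],
    "C": ["B"],        # side branch
    "D": ["B"],        # main line
    "E": ["C"],
    "M": ["D", "E"],   # merge commit
    "T": ["M"],        # tip of the main ref
    "X": ["A"],        # tip of another ref, left unsigned
}
# Assumption: signatures on these commits were already verified elsewhere.
SIGNED = {"A", "E", "T"}


def children_of(parents):
    """Invert the parent links so the graph can be walked toward the tips."""
    children = {commit: [] for commit in parents}
    for child, plist in parents.items():
        for parent in plist:
            children[parent].append(child)
    return children


def nearest_signed_descendants(commit, parents, signed):
    """Signed commits reached first on each path from `commit` toward the tips.

    A path stops at the first signed commit it meets. An empty result means
    no signature covers `commit` through the hash chain.
    """
    children = children_of(parents)
    found, seen, queue = set(), {commit}, deque(children[commit])
    while queue:
        current = queue.popleft()
        if current in seen:
            continue
        seen.add(current)
        if current in signed:
            found.add(current)               # stop here: this path is covered
        else:
            queue.extend(children[current])  # keep walking toward the tips
    return found


def uncovered(parents, signed):
    """Unsigned commits that no signed descendant vouches for."""
    return sorted(c for c in parents if c not in signed
                  and not nearest_signed_descendants(c, parents, signed))
```

In this sample, `B` has two nearest signed descendants (`E` and `T`), while `X` has none because its own tip is unsigned.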