Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-dev
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-dev@g.o
From: "Andreas K. Huettel" <dilfridge@g.o>
Subject: Re: Re: Git braindump: 1 of N: merging & git signing
Date: Mon, 04 Jun 2012 22:52:25 +0200
> A signed commit is a signing of the git metadata; tree hash
> (literally, the state of the tree), committer, author, message, and
> parent sha1.  Each git commit includes it's parent sha1 in it; this
> gives a locked history for a given commit sha1 (unless someone
> preimages sha1).  What matters is that the leaf node, the final point
> in the graph, is signed- that's a dev sign off on effectively that
> they created that particular locked history.  Realistically signing of
> each node is preferable, but the leaf is the minimal required.

No. What is signed is the "new data" plus the parent hash(es).

No such thing as a "tree hash".

-- 
Andreas K. Huettel
Gentoo Linux developer
kde, sci, arm, tex, printing
Attachment:
signature.asc (This is a digitally signed message part.)
Replies:
Re: Git braindump: 1 of N: merging & git signing
-- Ciaran McCreesh
References:
Re: Git braindump: 1 of N: merging & git signing
-- Rich Freeman
Re: Git braindump: 1 of N: merging & git signing
-- Rich Freeman
Re: Git braindump: 1 of N: merging & git signing
-- Brian Harring
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Git braindump: 1 of N: merging & git signing
Next by thread:
Re: Git braindump: 1 of N: merging & git signing
Previous by date:
Re: [PATCH vcs-snapshot] Use ${WORKDIR}/${P} rather than ${S} to support ${S} overrides.
Next by date:
Re: Git braindump: 1 of N: merging & git signing


Updated Jun 29, 2012

Summary: Archive of the gentoo-dev mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.