Archives
Archives
| From: | Mike Frysinger <vapier@g.o> | ||
|---|---|---|---|
| To: | gentoo-dev@l.g.o | ||
| Subject: | Re: [gentoo-dev] rejecting unsigned commits | ||
| Date: | Thu, 24 Mar 2011 23:52:52 | ||
| Message-Id: | AANLkTikvp7mS26t-cMsth=OU7Ni=4meErZWXLBD=yuwg@mail.gmail.com | ||
| In Reply to: | Re: [gentoo-dev] rejecting unsigned commits by "Rémi Cardona" |
||
| 1 | On Thu, Mar 24, 2011 at 6:42 PM, Rémi Cardona wrote: |
| 2 | > PS, wasn't manifest-signing supposed to become moot once we moved to git? |
| 3 | |
| 4 | not in the least. git only provides SHA1 which is not |
| 5 | cryptographically strong, and we will still be mirroring only the |
| 6 | latest checkout via rsync. the hashs in git require the entire tree |
| 7 | in order to validate. |
| 8 | -mike |