From: | Mike Frysinger <vapier@g.o> | ||
---|---|---|---|
To: | gentoo-dev@l.g.o | ||
Subject: | Re: [gentoo-dev] rejecting unsigned commits | ||
Date: | Thu, 24 Mar 2011 23:52:52 | ||
Message-Id: | AANLkTikvp7mS26t-cMsth=OU7Ni=4meErZWXLBD=yuwg@mail.gmail.com | ||
In Reply to: | Re: [gentoo-dev] rejecting unsigned commits by "Rémi Cardona" |
1 | On Thu, Mar 24, 2011 at 6:42 PM, Rémi Cardona wrote: |
2 | > PS, wasn't manifest-signing supposed to become moot once we moved to git? |
3 | |
4 | not in the least. git only provides SHA1 which is not |
5 | cryptographically strong, and we will still be mirroring only the |
6 | latest checkout via rsync. the hashs in git require the entire tree |
7 | in order to validate. |
8 | -mike |