On Mon, Jul 2, 2018, at 12:01 CDT, "Jason A. Donenfeld" <zx2c4@g.o> wrote:

> Aren't git signatures done over the full commit objects? Meaning you'd
> need the entire tree of metadata and thus all commits in order to
> verify? Or do you see some clever opportunity for extracting just
> enough metadata that you could actually have a file-based, rather than
> commit-based, verification?

Git signatures are over the full commit object - and the commit contains
a hash of the root of the full repository tree. Git internally only
stores tree snapshots (and not differences). So all you need is exactly
one signed commit to verify that

- this is the full repository tree the developer saw at the time of the
  commit

- this is the full history the developer saw at the time of the commit

Meaning, our current tree signing practice already ensures that

- history cannot be tampered with
- allows for a complete audit log

(in buzzspeak, we're doing blockchain verification *SCNR*)

Best,
Matthias
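
The hash chain described in this message, as an added example that is not part of the original e-mail and is not git's own code: it computes SHA-1 git object ids for blobs, trees and commits and shows that the tip commit id changes when either a file in the tip tree or a file in an ancestor snapshot is altered. Assumptions: flat trees without subdirectories, unsigned commits, and a constructed author identity and file set.

```python
import hashlib

def git_object_id(kind, body):
    """Git object id: SHA-1 over b'<kind> <length>\\0' followed by the body."""
    return hashlib.sha1(f"{kind} {len(body)}".encode() + b"\0" + body).hexdigest()

def blob_id(data):
    return git_object_id("blob", data)

def tree_id(files):
    """Flat tree (no subdirectories): sorted '100644 <name>\\0<20 raw id bytes>' entries."""
    entries = sorted((name.encode(), data) for name, data in files.items())
    body = b"".join(b"100644 " + name + b"\0" + bytes.fromhex(blob_id(data))
                    for name, data in entries)
    return git_object_id("tree", body)

def commit_payload(tree, parents, message):
    """Commit body: the tree id and parent ids are part of the bytes that get signed."""
    ident = "Constructed Dev <dev@example.org> 1530550860 -0500"  # constructed identity
    lines = [f"tree {tree}"] + [f"parent {p}" for p in parents]
    lines += [f"author {ident}", f"committer {ident}", "", message]
    return ("\n".join(lines) + "\n").encode()

def tip_of(history):
    """Commit a linear history of (files, message) snapshots; return the tip commit id."""
    parents = []
    for files, message in history:
        payload = commit_payload(tree_id(files), parents, message)
        parents = [git_object_id("commit", payload)]
    return parents[0]

# Constructed sample history: two snapshots of a tiny repository.
HISTORY = [
    ({"README": b"v1\n"}, "first"),
    ({"README": b"v1\n", "Makefile": b"all:\n"}, "second"),
]
# Same tip tree, but the file in the *first* snapshot was rewritten.
REWRITTEN_PAST = [({"README": b"altered\n"}, "first"), HISTORY[1]]
# Same past, but one file in the tip snapshot was changed.
CHANGED_TIP = [HISTORY[0], ({"README": b"v1\n", "Makefile": b"all: x\n"}, "second")]

if __name__ == "__main__":
    for name, h in [("original", HISTORY), ("rewritten past", REWRITTEN_PAST),
                    ("changed tip", CHANGED_TIP)]:
        print(f"{name:15} tip commit {tip_of(h)}")
```

A signature made over the original tip commit would not verify against either altered history, because the `tree` or `parent` line inside the signed bytes differs.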