| 1 |
On Mon, Jul 2, 2018, at 12:01 CDT, "Jason A. Donenfeld" <zx2c4@g.o> wrote: |
| 2 |
|
| 3 |
> Aren't git signatures done over the full commit objects? Meaning you'd |
| 4 |
> need the entire tree of metadata and thus all commits in order to |
| 5 |
> verify? Or do you see some clever opportunity for extracting just |
| 6 |
> enough metadata that you could actually have a file-based, rather than |
| 7 |
> commit-based, verification? |
| 8 |
|
| 9 |
|
| 10 |
Git signatures are over the full commit object - and the commit contains |
| 11 |
a hash of the root of the full repository tree. Git internally only |
| 12 |
stores tree snapshots (and not differences). So all you need is exactly |
| 13 |
one signed commit to verify that |
| 14 |
|
| 15 |
- this is the full repository tree the developer saw at the time of the |
| 16 |
commit |
| 17 |
|
| 18 |
- this is the full history the developer saw at the time of the commit |
| 19 |
|
| 20 |
|
| 21 |
Meaning, our current tree signing practice already ensures that |
| 22 |
|
| 23 |
- history cannot be tampered with |
| 24 |
- allows for a complete audit log |
| 25 |
|
| 26 |
(in buzzspeak, we're doing blockchain verification *SCNR*) |
| 27 |
|
| 28 |
Best, |
| 29 |
Matthias |
Archives