1 |
On Mon, Jul 2, 2018 at 6:55 PM Rich Freeman <rich0@g.o> wrote: |
2 |
> You might want to read what I wrote then, because I proposed options |
3 |
> for using the git signatures over rsync, as well as for with git |
4 |
> syncing |
5 |
|
6 |
> having a tool that extracts the git |
7 |
> signatures and stores the metadata in the repo (ideally done by infra |
8 |
> before mirroring, but it could be done after the fact as well) |
9 |
|
10 |
Aren't git signatures done over the full commit objects? Meaning you'd |
11 |
need the entire tree of metadata and thus all commits in order to |
12 |
verify? Or do you see some clever opportunity for extracting just |
13 |
enough metadata that you could actually have a file-based, rather than |
14 |
commit-based, verification? |