| 1 |
On Mon, Jul 2, 2018 at 6:55 PM Rich Freeman <rich0@g.o> wrote: |
| 2 |
> You might want to read what I wrote then, because I proposed options |
| 3 |
> for using the git signatures over rsync, as well as for with git |
| 4 |
> syncing |
| 5 |
|
| 6 |
> having a tool that extracts the git |
| 7 |
> signatures and stores the metadata in the repo (ideally done by infra |
| 8 |
> before mirroring, but it could be done after the fact as well) |
| 9 |
|
| 10 |
Aren't git signatures done over the full commit objects? Meaning you'd |
| 11 |
need the entire tree of metadata and thus all commits in order to |
| 12 |
verify? Or do you see some clever opportunity for extracting just |
| 13 |
enough metadata that you could actually have a file-based, rather than |
| 14 |
commit-based, verification? |
Archives