Archives
Archives
| From: | Kent Fredric <kentfredric@×××××.com> | ||
|---|---|---|---|
| To: | gentoo-dev@l.g.o | ||
| Subject: | Re: [gentoo-dev] My masterplan for git migration (+ looking for infra to test it) | ||
| Date: | Sun, 14 Sep 2014 23:37:56 | ||
| Message-Id: | CAATnKFDtLoysrPT_K4fw27u+QHRR62Qh3wDFyzsRejzERMGtvw@mail.gmail.com | ||
| In Reply to: | Re: [gentoo-dev] My masterplan for git migration (+ looking for infra to test it) by hasufell |
||
| 1 | On 15 September 2014 11:25, hasufell <hasufell@g.o> wrote: |
| 2 | |
| 3 | > Robin said |
| 4 | > > The Git commit-signing design explicitly signs the entire commit, |
| 5 | > including blob contents, to avoid this security problem. |
| 6 | > |
| 7 | > Is this correct or not? |
| 8 | > |
| 9 | |
| 10 | I can verify a commit by hand with only the commit object and gpg, but |
| 11 | without any of the trees or parents. |
| 12 | |
| 13 | https://gist.github.com/kentfredric/8448fe55ffab7d314ecb |
| 14 | |
| 15 | |
| 16 | -- |
| 17 | Kent |
| 18 | |
| 19 | *KENTNL* - https://metacpan.org/author/KENTNL |
| Subject | Author |
|---|---|
| Re: [gentoo-dev] My masterplan for git migration (+ looking for infra to test it) | Jauhien Piatlicki <jauhien@g.o> |