From: | Kent Fredric <kentfredric@×××××.com> | ||
---|---|---|---|
To: | gentoo-dev@l.g.o | ||
Subject: | Re: [gentoo-dev] My masterplan for git migration (+ looking for infra to test it) | ||
Date: | Sun, 14 Sep 2014 23:37:56 | ||
Message-Id: | CAATnKFDtLoysrPT_K4fw27u+QHRR62Qh3wDFyzsRejzERMGtvw@mail.gmail.com | ||
In Reply to: | Re: [gentoo-dev] My masterplan for git migration (+ looking for infra to test it) by hasufell |
1 | On 15 September 2014 11:25, hasufell <hasufell@g.o> wrote: |
2 | |
3 | > Robin said |
4 | > > The Git commit-signing design explicitly signs the entire commit, |
5 | > including blob contents, to avoid this security problem. |
6 | > |
7 | > Is this correct or not? |
8 | > |
9 | |
10 | I can verify a commit by hand with only the commit object and gpg, but |
11 | without any of the trees or parents. |
12 | |
13 | https://gist.github.com/kentfredric/8448fe55ffab7d314ecb |
14 | |
15 | |
16 | -- |
17 | Kent |
18 | |
19 | *KENTNL* - https://metacpan.org/author/KENTNL |
Subject | Author |
---|---|
Re: [gentoo-dev] My masterplan for git migration (+ looking for infra to test it) | Jauhien Piatlicki <jauhien@g.o> |