| 1 |
On Mon, Jun 4, 2012 at 8:45 AM, Dirkjan Ochtman <djc@g.o> wrote: |
| 2 |
> |
| 3 |
> Well, it doesn't seem like a big deal IF there's an explicit merge |
| 4 |
> commit that's signed by a dev. |
| 5 |
|
| 6 |
I'm not sure about that. If you were verifying a tree, how would you |
| 7 |
identify which commits were merged in by what dev, using an automated |
| 8 |
algorithm? |
| 9 |
|
| 10 |
The only thing the merge commit contains is a list of two parents, and |
| 11 |
a tree. It doesn't say which one is which, unless we can rely on |
| 12 |
their order. Now, all those intermediate commits were never actually |
| 13 |
published via rsync, so their integrity isn't a direct issue. |
| 14 |
However, I'm not sure how easy automated verification would be. |
| 15 |
|
| 16 |
Rich |
Archives