1 |
On Mon, Jul 2, 2018 at 7:23 PM Matthias Maier <tamiko@g.o> wrote: |
2 |
> stores tree snapshots (and not differences). So all you need is exactly |
3 |
> one signed commit to verify that |
4 |
> |
5 |
> - this is the full repository tree the developer saw at the time of the |
6 |
> commit |
7 |
> - this is the full history the developer saw at the time of the commit |
8 |
|
9 |
I'm not sure this is as good, though. I don't think all developers |
10 |
verify the whole tree before adding a signature on top. And this |
11 |
leaves out file-level granularity, so I can't choose to distrust a |
12 |
certain set of developers I know to have poor security practices and |
13 |
have .asc files from those developers simply not verify. With the |
14 |
extracted-git model, it winds up being "the most recent developer |
15 |
signs everything for everybody". This is a bit weaker than what I've |
16 |
proposed. |