| 1 |
On Mon, Jul 2, 2018 at 7:23 PM Matthias Maier <tamiko@g.o> wrote: |
| 2 |
> stores tree snapshots (and not differences). So all you need is exactly |
| 3 |
> one signed commit to verify that |
| 4 |
> |
| 5 |
> - this is the full repository tree the developer saw at the time of the |
| 6 |
> commit |
| 7 |
> - this is the full history the developer saw at the time of the commit |
| 8 |
|
| 9 |
I'm not sure this is as good, though. I don't think all developers |
| 10 |
verify the whole tree before adding a signature on top. And this |
| 11 |
leaves out file-level granularity, so I can't choose to distrust a |
| 12 |
certain set of developers I know to have poor security practices and |
| 13 |
have .asc files from those developers simply not verify. With the |
| 14 |
extracted-git model, it winds up being "the most recent developer |
| 15 |
signs everything for everybody". This is a bit weaker than what I've |
| 16 |
proposed. |
Archives