| 1 |
>>>>> On Sun, 21 Sep 2014, Michał Górny wrote: |
| 2 |
|
| 3 |
> Rich Freeman <rich0@g.o> napisał(a): |
| 4 |
>> Ulrich is well-aware of that. His argument is that with cvs there |
| 5 |
>> is no security whatsoever in the scm, and so there is more interest |
| 6 |
>> in layering security on-top. With git there is more of a tendency |
| 7 |
>> to rely on the less-than-robust commit signing system. |
| 8 |
>> |
| 9 |
>> We could always just keep full manifests in the tree and be no |
| 10 |
>> worse off than with cvs. |
| 11 |
|
| 12 |
> And we would be no better off than with CVS. We'd have huge |
| 13 |
> repository with a lot of redundant space-eating data and the |
| 14 |
> impossibility of sane merges or rebases. |
| 15 |
|
| 16 |
Not necessarily. As long as you keep write access to the repository |
| 17 |
secure, you don't need anything special there. However, it's a |
| 18 |
different story when the tree is distributed via a mirror system that |
| 19 |
is not entirely under our control. |
| 20 |
|
| 21 |
Full manifests could be generated automatically (and signed with an |
| 22 |
infra key) when copying the tree from the repository to the master |
| 23 |
mirror. |
| 24 |
|
| 25 |
Ulrich |
Archives