On 2014-09-21, at 09:54:06,
Ulrich Mueller <ulm@g.o> wrote:

> >>>>> On Sun, 21 Sep 2014, Michał Górny wrote:
>
> > Rich Freeman <rich0@g.o> wrote:
> >> Ulrich is well-aware of that. His argument is that with cvs there
> >> is no security whatsoever in the scm, and so there is more interest
> >> in layering security on-top. With git there is more of a tendency
> >> to rely on the less-than-robust commit signing system.
> >>
> >> We could always just keep full manifests in the tree and be no
> >> worse off than with cvs.
>
> > And we would be no better off than with CVS. We'd have a huge
> > repository with a lot of redundant space-eating data and the
> > impossibility of sane merges or rebases.
>
> Not necessarily. As long as you keep write access to the repository
> secure, you don't need anything special there. However, it's a
> different story when the tree is distributed via a mirror system that
> is not entirely under our control.
>
> Full manifests could be generated automatically (and signed with an
> infra key) when copying the tree from the repository to the master
> mirror.

Do you really consider keeping a key open for machine signing somewhat
secure?

--
Best regards,
Michał Górny