Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262514AbVDYDre (ORCPT ); Sun, 24 Apr 2005 23:47:34 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262515AbVDYDre (ORCPT ); Sun, 24 Apr 2005 23:47:34 -0400 Received: from hibernia.jakma.org ([212.17.55.49]:53122 "EHLO hibernia.jakma.org") by vger.kernel.org with ESMTP id S262514AbVDYDrZ (ORCPT ); Sun, 24 Apr 2005 23:47:25 -0400 Date: Mon, 25 Apr 2005 04:47:07 +0100 (IST) From: Paul Jakma X-X-Sender: paul@sheen.jakma.org To: "David A. Wheeler" cc: Linus Torvalds , Sean , Thomas Glanzmann , David Woodhouse , Jan Dittmer , Greg KH , Kernel Mailing List , Git Mailing List Subject: Re: Git-commits mailing list feed. In-Reply-To: Message-ID: References: <200504210422.j3L4Mo8L021495@hera.kernel.org> <42674724.90005@ppp0.net> <20050422002922.GB6829@kroah.com> <426A4669.7080500@ppp0.net> <1114266083.3419.40.camel@localhost.localdomain> <426A5BFC.1020507@ppp0.net> <1114266907.3419.43.camel@localhost.localdomain> <20050423175422.GA7100@cip.informatik.uni-erlangen.de> <2911.10.10.10.24.1114279589.squirrel@linux1> <426C4168.6030008@dwheeler.com> <426C5F43.8010705@dwheeler.com> Mail-Followup-To: paul@hibernia.jakma.org X-NSA: arafat al aqsar jihad musharef jet-A1 avgas ammonium qran inshallah allah al-akbar martyr iraq saddam hammas hisballah rabin ayatollah korea vietnam revolt mustard gas british airways washington MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="299119927-679278751-1114400738=:14200" Content-ID: Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1609 Lines: 45 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --299119927-679278751-1114400738=:14200 Content-Type: TEXT/PLAIN; CHARSET=utf-8; FORMAT=flowed Content-Transfer-Encoding: 8BIT Content-ID: On Mon, 25 Apr 2005, Paul Jakma wrote: > Uh, I have no idea whether verifying a signature of a commit object is > sufficient, ie equivalent to signing each file. > > commit refers to tree objects, which I presume lists the SHA-1 object IDs of > files, but IIRC Linus already described why a signature of the commit object > should not be used to trust the rest of commit.. (i'll have to find his > mail). If so, an index is required. Ah, apparently it is sufficient: Linus: “Just signing the commit is indeed sufficient to just say "I trust this commit". But I essentially what to also say what I trust it _for_ as well.” So this would work for commit objects. It would also work for tag objects, if you pointed people at the signature object rather than the actual tag object. regards, -- Paul Jakma paul@clubi.ie paul@jakma.org Key ID: 64A2FF6A Fortune: Humor in the Court: Q. Were you aquainted with the deceased? A. Yes, sir. Q. Before or after he died? --299119927-679278751-1114400738=:14200-- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/