On Sun, Nov 30, 2014 at 11:55:31PM +0000, Yawning Angel wrote: > On Sun, 30 Nov 2014 17:32:05 -0500 > Jason Cooper <tor@xxxxxxxxxxxxxx> wrote: > > > It is unauthenticated and you probably shouldn't use it if at all > > > possible. > > > > How does that matter? All of the tags are signed by Nick Mathewson. > > This allows the server *and* the path to be untrusted. > > What about intermediary commits between tagged releases? Yes, signing > each commit is possible, and probably even a good idea, but it's not > currently done. git uses chained hashes so that verifying the integrity of the tagged commit also verifies the integrity of the previous commits between the prior tag and the current one (Actually, across the entire history, but once I've cloned and validated, I'm primarily concerned with commits from subsequent pulls). It seems the git user manual [0] has the clearest description. Each commit hash includes the hash of the parent(s) commit(s) [1], and the trust model is described a little further down, here [2]. thx, Jason. [0] https://www.kernel.org/pub/software/scm/git/docs/user-manual.html [1] https://www.kernel.org/pub/software/scm/git/docs/user-manual.html#commit-object [2] https://www.kernel.org/pub/software/scm/git/docs/user-manual.html#trust
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev