[tor-dev] Git hosting changes, git:// support discontinued

Jason Cooper tor at lakedaemon.net
Mon Dec 1 00:19:58 UTC 2014

On Sun, Nov 30, 2014 at 11:55:31PM +0000, Yawning Angel wrote:
> On Sun, 30 Nov 2014 17:32:05 -0500
> Jason Cooper <tor at lakedaemon.net> wrote: 
> > > It is unauthenticated and you probably shouldn't use it if at all
> > > possible.
> > 
> > How does that matter?  All of the tags are signed by Nick Mathewson.
> > This allows the server *and* the path to be untrusted.
> What about intermediary commits between tagged releases?  Yes, signing
> each commit is possible, and probably even a good idea, but it's not
> currently done.

git uses chained hashes so that verifying the integrity of the tagged
commit also verifies the integrity of the previous commits between the
prior tag and the current one (Actually, across the entire history, but
once I've cloned and validated, I'm primarily concerned with commits
from subsequent pulls).

It seems the git user manual [0] has the clearest description.  Each
commit hash includes the hash of the parent(s) commit(s) [1], and the
trust model is described a little further down, here [2].



[0] https://www.kernel.org/pub/software/scm/git/docs/user-manual.html
[1] https://www.kernel.org/pub/software/scm/git/docs/user-manual.html#commit-object
[2] https://www.kernel.org/pub/software/scm/git/docs/user-manual.html#trust
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20141130/9409a729/attachment-0001.sig>

More information about the tor-dev mailing list