[tor-dev] Git hosting changes, git:// support discontinued

Yawning Angel yawning at schwanenlied.me
Mon Dec 1 00:42:09 UTC 2014

On Sun, 30 Nov 2014 19:19:58 -0500
Jason Cooper <tor at lakedaemon.net> wrote:

> On Sun, Nov 30, 2014 at 11:55:31PM +0000, Yawning Angel wrote:
> > On Sun, 30 Nov 2014 17:32:05 -0500
> > Jason Cooper <tor at lakedaemon.net> wrote: 
> > > > It is unauthenticated and you probably shouldn't use it if at
> > > > all possible.
> > > 
> > > How does that matter?  All of the tags are signed by Nick
> > > Mathewson. This allows the server *and* the path to be untrusted.
> > 
> > What about intermediary commits between tagged releases?  Yes,
> > signing each commit is possible, and probably even a good idea, but
> > it's not currently done.
> 
> git uses chained hashes so that verifying the integrity of the tagged
> commit also verifies the integrity of the previous commits between the
> prior tag and the current one (Actually, across the entire history,
> but once I've cloned and validated, I'm primarily concerned with
> commits from subsequent pulls).

So, I didn't communicate that well, so I'll try again:

Assuming people use the unauthenticated git protocol, and want to
clone a copy of master, maint-0.2.4 or maint-0.2.5, how do they ensure
that the copy they received is correct?

So "intermediary commits" as in "stuff that happens between releases,
with the next release having not happened yet" ('interim' would have
been a better word to use in hindsight). Sure you can validate up to the
last tag, but for all the commits that follow, there's no magic PGP
signed tag that covers those.

I don't see any reason to allow an unauthenticated protocol when
authenticated alternatives exist and are well supported in the first
place, but that's just me.


Yawning Angel
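
An added illustration, not part of the original thread: a small Python model of both points made above, that git's chained commit ids anchor everything up to a signed tag and that nothing anchors the commits after it. The identity, tree ids, commit messages and the five-commit branch are constructed, and the tag's PGP signature is assumed to have been verified already.

```python
import hashlib

IDENT = "Dev <dev@example.invalid> 1417392000 +0000"  # constructed identity

def commit_id(tree, parent, msg):
    """Object id git assigns a commit: SHA-1 of 'commit <len>\\0' + body."""
    lines = ["tree " + tree] + (["parent " + parent] if parent else [])
    lines += ["author " + IDENT, "committer " + IDENT, "", msg, ""]
    body = "\n".join(lines).encode()
    return hashlib.sha1(b"commit %d\0" % len(body) + body).hexdigest()

def branch_ids(history):
    """Ids of a linear history [(tree, msg), ...], root first; each id covers its parent."""
    ids, parent = [], None
    for tree, msg in history:
        parent = commit_id(tree, parent, msg)
        ids.append(parent)
    return ids

def audit(received, tag_target):
    """Split a received branch into (anchored by the signed tag, vouched for by nothing)."""
    ids = branch_ids(received)
    if tag_target not in ids:
        return [], ids  # history at or below the tag does not match the signed id
    cut = ids.index(tag_target) + 1
    return ids[:cut], ids[cut:]

def tree(n):
    """Constructed 40-hex tree id standing in for real file contents."""
    return hashlib.sha1(b"constructed tree %d" % n).hexdigest()

GENUINE = [(tree(i), "commit %d" % i) for i in range(5)]
GENUINE_IDS = branch_ids(GENUINE)
TAG_TARGET = GENUINE_IDS[2]  # assumed: id named by a tag whose signature was checked

def altered(index):
    """The same branch with one commit's tree changed in transit."""
    hist = list(GENUINE)
    hist[index] = (tree(99), hist[index][1])
    return hist

if __name__ == "__main__":
    for name, hist in [("genuine", GENUINE), ("changed before tag", altered(1)),
                       ("changed after tag", altered(4))]:
        ok, loose = audit(hist, TAG_TARGET)
        print("%-20s anchored=%d unanchored=%d" % (name, len(ok), len(loose)))
```

A change below the tag breaks the chain and is caught, while a change above it produces the same anchored result as the genuine branch, so those commits rest on transport trust alone.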
