Re: weaning distributions off tarballs: extended verification of git tags

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sam Vilain <sam@vilain.net>
To: Joey Hess <id@joeyh.name>, GIT Mailing List <git@vger.kernel.org>
Subject: Re: weaning distributions off tarballs: extended verification of git tags
Date: Mon, 02 Mar 2015 11:38:00 -0800	[thread overview]
Message-ID: <54F4BC18.5060702@vilain.net> (raw)
In-Reply-To: <20150302181230.GA31798@kitenet.net>

On 03/02/2015 10:12 AM, Joey Hess wrote:
> I support this proposal, as someone who no longer releases tarballs
> of my software, when I can possibly avoid it. I have worried about
> signed tags / commits only being a SHA1 break away from useless.
>
> As to the implementation, checksumming the collection of raw objects is
> certainly superior to tar. Colin had suggested sorting the objects by
> checksum, but I don't think that is necessary. Just stream the commit
> object, then its tree object, followed by the content of each object
> listed in the tree, recursing into subtrees as necessary. That will be a
> stable stream for a given commit, or tree.

I would really just do it exactly the same way that git does: checksum 
the objects including their headers with the new hashes.  I have a hazy 
recollection of what it would take to replace SHA-1 in git with 
something else; it should be possible (though tricky) to do it lazily, 
where a tree entry has bits (eg, some of the currently unused file mode 
bits) to denotes which hash algorithm is in use for the entry.  However 
I don't think that got past idea stage...

Sam

next prev parent reply	other threads:[~2015-03-02 19:43 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-02-28 14:48 weaning distributions off tarballs: extended verification of git tags Colin Walters
2015-02-28 19:14 ` brian m. carlson
2015-02-28 20:34 ` Morten Welinder
2015-03-02 17:09   ` Colin Walters
2015-03-02 18:12     ` Joey Hess
2015-03-02 19:38       ` Sam Vilain [this message]
2015-03-02 20:08         ` Junio C Hamano
2015-03-02 20:52           ` Sam Vilain
2015-03-02 23:20       ` Duy Nguyen
2015-03-02 23:44         ` Junio C Hamano
2015-03-03  0:42           ` Duy Nguyen
2015-03-05 12:36           ` Michael Haggerty
2015-07-08  4:00 ` Colin Walters

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=54F4BC18.5060702@vilain.net \
    --to=sam@vilain.net \
    --cc=git@vger.kernel.org \
    --cc=id@joeyh.name \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.