Re: Checksums for git repo content?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Hello Gordon,

On Thu, 2017-02-09 at 12:38 -0800, Gordon Messmer wrote:
> Git already has the protection you're looking for.  As part of its core 
> design, git uses a hash chain to verify the integrity of its history.  
> Every change and every file is thus protected.  It's impossible to 
> insert changes or to modify the history of the git repository in a way 
> that wouldn't be extremely visible to all users.
> 
> If you check out a module using git, and fetch its external sources 
> using get_sources.sh, you can rest assured that every file used to build 
> an RPM has been hashed and verified.

Alright, understood. Only the sources downloaded with get_sources.sh
need a checksum then. Which are the ones in <package>.metadata.

Thanks for clearing this up and sorry Johnny for the fuzz :) .

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux