Marc Weber <marco-oweber@xxxxxx> writes: > git clone --depth=20 $url; git checkout $hash > > How to verify that I have the contents I think I have - given that I > trust my local git executable? Define what you mean by "contents". Do you care only about the tree state recorded in that $hash, and you also trust that $hash is the correct one? $ git cat-object commit $hash | git hash-object --stdin -t commit would be a way to verify that you do have the commit object everybody else calls $hash, and you can verify the objects contained within the commit whose name is $hash (i.e. its tree and its parents) in a similar way. Use "git ls-tree $tree" to find out the objects your top-level tree recorded in the commit $hash, and you can verify the contents recorded in the tree object recursively. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html