Andy Lutomirski <luto@xxxxxxxxxxxxxx> writes: > It's possible, in principle, to shove enough metadata into the output > of 'git archive' to allow anyone to verify (without cloning the repo) > to verify that the archive is a correct copy of a given commit. Would > this be considered a useful feature? > > Presumably there would be a 'git untar' command that would report > failure if it fails to verify the archive contents. > > This could be as simple as including copies of the commit object and > all relevant tree objects and checking all of the hashes when > untarring. You only need the object name of the top-level tree. After "untar" the archive into an empty directory, make it a new repository and "git add . && git write-tree"---the result should match the top-level tree the archive was supposed to contain. Of course, you can write "git verify-archive" that does the same computation all in-core, without actually extracting the archive into an empty directory. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html