Re: weaning distributions off tarballs: extended verification of git tags

On Tue, Mar 3, 2015 at 1:12 AM, Joey Hess <id@xxxxxxxxxx> wrote:
> I support this proposal, as someone who no longer releases tarballs
> of my software, when I can possibly avoid it. I have worried about
> signed tags / commits only being a SHA1 break away from useless.
>
> As to the implementation, checksumming the collection of raw objects is
> certainly superior to tar. Colin had suggested sorting the objects by
> checksum, but I don't think that is necessary. Just stream the commit
> object, then its tree object, followed by the content of each object
> listed in the tree, recursing into subtrees as necessary. That will be a
> stable stream for a given commit, or tree.

It could be simplified a bit by using ls-tree -r (so you basically
have a single big tree). Then hash commit, ls-tree -r output and all
blobs pointed to by ls-tree in listed order.
-- 
Duy
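
The stream described in the reply above (commit, then `ls-tree -r` output, then the blobs in listed order), hashed with SHA-256 as an added example that is not part of the original message or of git itself. The function name `tree_digest`, the choice of SHA-256, and the per-blob size header emitted by `cat-file --batch` are assumptions of this example.

```shell
#!/bin/sh
# Added example: a SHA-256 digest over one commit's full content, so that
# verification does not rest on SHA-1 alone.
# tree_digest is a hypothetical name, not a git command.
tree_digest() {
    # Resolve the argument (branch, tag, or id) to a commit; fail if it is not one.
    commit=$(git rev-parse --verify --quiet "$1^{commit}") || return 1
    {
        # 1. The raw commit object: tree id, parents, author, message.
        git cat-file commit "$commit"

        # 2. The flattened tree ("a single big tree"). -z emits raw,
        #    NUL-terminated paths, so the bytes hashed do not depend on
        #    the local core.quotePath setting.
        git ls-tree -r -z "$commit"

        # 3. Every blob in listing order. --batch prefixes each blob with
        #    "<oid> blob <size>", which keeps blob boundaries unambiguous
        #    in the concatenated stream (an addition made by this example).
        #    Submodule (gitlink) entries have type "commit" and no local
        #    object, so only blobs are selected.
        git ls-tree -r "$commit" | awk '$2 == "blob" { print $3 }' |
            git cat-file --batch
    } | sha256sum | cut -d' ' -f1
}

# When run as a script inside a repository: ./tree_digest.sh <commit-ish>
if [ "$#" -gt 0 ]; then
    tree_digest "$1"
fi
```

The digest covers the snapshot of a single commit; parent commits are still referenced only by the SHA-1 ids inside the commit object.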