On Mon, Feb 01, 2016 at 07:10:04PM -0800, Junio C Hamano wrote: > Mike Hommey <mh@xxxxxxxxxxxx> writes: > > > Shouldn't parse_object_buffer also do check_sha1_signature? > > In general, it shouldn't; its callers are supposed to do it as > additional check when/if needed. Callers like the one in fsck.c > does not want to die after seeing one bad one. We want to report > and keep checking other things. Shouldn't some things like, at least, `git checkout`, still check the sha1s, though? Mike -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html