On Sun, Apr 15, 2007 at 01:51:42PM -0700, Linus Torvalds wrote:
> There are valid uses to tag sources with some revision information WHEN IT
> LEAVES THE REVISION CONTROLLED ENVIRONMENT, but not one second before
> that.

Nobody has addressed the single problem that I have with adding it when it's leaving the environment, and that's still of paramount concern to me.

Simply put, there is a conflict between being able to add revision information of stuff leaving the environment, and those additions breaking previous checksums (which may be digitally signed, and thus breaking the signatures).

I'll reduce it further from my previous example.

1. Developer commits some change to file A.
2. The checksum file is updated because A changed (the checksum file explicitly does not contain keywords).
3. Developer signs the checksum file, and commits it.

If during the export process (which is undertaken elsewhere, by a different person or script), file A now has an expansion applied to it, you break the checksum file, which you CANNOT redo, because you lose the developer's digital signature on the checksum file!

Using the existing git-verify-tag mechanisms is not suitable, because it is the exported information that must be verifiable.

There are FOUR possible solutions here:

1. The commit to file A does the keywords - which Linus is against.
2. An ADDITIONAL commit to file A, after the initial commit, as a scripted addition of the keywords, but before the checksum is updated. I think this is messy myself, as you'd have to insert the data from the N-1 commit always.
3. Lose the ability to tag the files leaving the environment.
4. Stop digitally signing the checksum file (which then leaves the possibility for other attacks).

-- 
Robin Hugh Johnson
Gentoo Linux Developer & Council Member
E-Mail   : robbat2@xxxxxxxxxx
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
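
The conflict described in the message above, as an added example that is not part of the original e-mail: a checksum file is signed, a separate export step expands a keyword in file A, and the verifier of the exported tree then has to choose between a valid signature with a mismatched file or matching files with an invalid signature. The `$Id$` keyword syntax, the file contents, the revision string and the HMAC standing in for the developer's GnuPG signature are all assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: an HMAC key stands in for the developer's GnuPG private key.
DEV_KEY = b"constructed-developer-key"

def manifest(files):
    """Checksum file: one 'sha256  name' line per file, sorted by name."""
    return "".join(
        f"{hashlib.sha256(data).hexdigest()}  {name}\n"
        for name, data in sorted(files.items())
    ).encode()

def sign(blob, key=DEV_KEY):
    """Stand-in for a detached signature over the checksum file."""
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def export_with_keywords(files, rev):
    """Export step run elsewhere, without the developer's key: expand $Id$."""
    expanded = b"$Id: " + rev.encode() + b" $"
    return {name: data.replace(b"$Id$", expanded) for name, data in files.items()}

def verify_export(exported, checksum_file, signature):
    """Return (signature_ok, names of files whose hash does not match)."""
    sig_ok = hmac.compare_digest(sign(checksum_file), signature)
    expected = {}
    for line in checksum_file.decode().splitlines():
        digest, name = line.split("  ", 1)
        expected[name] = digest
    broken = [name for name, data in sorted(exported.items())
              if hashlib.sha256(data).hexdigest() != expected.get(name)]
    return sig_ok, broken

def demo():
    # Constructed repository contents.
    repo = {"A": b"/* $Id$ */\nint main(void) { return 0; }\n",
            "README": b"no keywords here\n"}
    signed = manifest(repo)                  # steps 1-2: checksum file updated
    sig = sign(signed)                       # step 3: developer signs it
    exported = export_with_keywords(repo, "constructed-rev-1234")
    # Keep the signed checksum file: signature verifies, file A does not.
    keep_signed = verify_export(exported, signed, sig)
    # Regenerate the checksum file at export: files match, signature is lost.
    regenerated = verify_export(exported, manifest(exported), sig)
    return keep_signed, regenerated

if __name__ == "__main__":
    print(demo())
```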