Am 10.02.22 um 20:23 schrieb Junio C Hamano: > René Scharfe <l.s.r@xxxxxx> writes: > >>> Yes, which is exactly how this (and existing --add-file) makes >>> Konstantin's plan much less useful. A harder obstacle to verification would be end-of-line conversion. Retrying a failed signature check after applying convert_to_git() might work, but not for files that have mixed line endings in the repository and end up being homogenized during checkout (and thus archiving). >> People added untracked files to archives before --add-file existed. >> >> --add-file-with-content could be used to add the .GIT_ARCHIVE_SIG file. >> >> Additional untracked files would need a manifest to specify which files >> are (not) covered by the signed commit/tag. Or the .GIT_ARCHIVE_SIG >> files could be added just after the signed files as a rule, before any >> other untracked files, as some kind of a separator. > > Or if people do not _exclude_ tracked files from the archive, then > the verifier who has a tarball and a Git tree object can consult the > tree object to see which ones are added untracked cruft. True, but if you have the tree objects then you probably also have the blobs and don't need the archive? Or is this some kind of sparse checkout scenario? >> Some equivalent to the .GIT_ARCHIVE_SIG file containing a signature of >> the untracked files could optionally be added at the end to allow full >> verification -- but would require signing at archive creation time. > > Yeah, and at that point, it is not much more convenient than just > signing the whole archive (sans the SIG part, obviously), which is > what people have always done ;-) Indeed. René
