On Fri, Jan 13, 2023 at 05:18:40PM +0100, Hans Petter Selasky wrote: > On 1/13/23 17:06, Hans Petter Selasky wrote: > > What's the point? Only so that one party can stay in control? > > Let me phrase it like this: > > You clearly believe in the zero-trust principle. I don't. I'm not sure what you mean here, but git is certainly not zero-trust. When you clone linux.git from git.kernel.org, you're very much trusting that: - I (or members of my team) didn't mess with the repository - Linus (or someone who hacked his laptop) didn't mess with the repository Git is tamper-evident, not tamper-proof, so by definition it cannot be zero-trust. > Why can't git support both beliefs, and it can be configurable somehow then? Well, git is literally built on the concept of unique hashes. It's not possible to make this bit configurable, as it would be a totally different project with entirely different internals. Not saying such framework doesn't have a reason to exist, but it's not something that can be built on top of git. -K
