Tom Lord wrote: > > Call me a naive git, but seems to me the "git way" is a little > > different. It's tree-based rather than diff-based, and doesn't involve > > passing diffs around, right? > > Isn't that a significant part of what I said? Go back and read more > carefully, is my suggestion. > > > Or am I missing something? > > Very much so. So far, this is a frustrating conversation to watch. Here's my own interpretation, presented to help the participants understand whether or not their intended messages are getting through clearly. Originally, Tom seemed to claim that the problem was that git requires you to sign an entire tree, rather than a diff, even though the signer is only vouching for their diff. Linus responded by saying that a git signature of a tree would match that description, but signing a commit is different. I think he claimed that (by convention) signing a commit ONLY means you are signing the most recent change, which turned tree A into tree B. Tom then appeared to propose some specific attacks that could work against the git model. The precondition seems to be if the patch receiver does not exhaustively analyze each and every patch. The receiver trusts the contents based solely on who signed the commit object. One category of attacks were that a computer or communication channel was broken. It's not immediately clear to me how git's model contributes any weakness to these cases, compared to other signing strategies. The other category of attack mentioned was social, such as a signer creating a patch that claims to do one thing, but actually does another. Again, I don't see how git is weaker in this case than any other tool. Noel then pointed out that in practice, someone receiving a signed commit in git would view the commit comments and the diff, so the effect is similar to having the diff itself be signed. And that's where we are right now. So, from here, it looks like Tom needs to be more specific about which attacks might be more effective against git's signing strategy than against signed diffs. Kevin - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.htmlReceived on Sat Apr 30 06:34:47 2005
This archive was generated by hypermail 2.1.8 : 2005-04-30 06:35:18 EST