Tom Lord <lord@emf.net> writes: > > My example had Joe downloading a remote signed tree, reviewing the changes > > locally between his own trusted tree and the remote tree, > > In the real world, that "review" step is the weak link. When it goes > wrong, the first step is to make sure we are reviewing a tree everyone > involved *intended* -- and it's only with signed diffs adding up to > that tree that we get there. Hi Tom, I hope I am not speaking out of turn or misinterpreting issues beyond my grasp, but my perception of git is that when you sign a commit, you guarantee that this is indeed the next step in the chronology of your own branch. It's not about diffs; it's about a singular brachial chronology - of course, additional information may be recorded about topological antecedents, but that's not what the signature is about. The diff from that chronology can easily be generated and scrutinized by anyone, and imported or not into another branch. Cheers, -- Dr. Denys Duchier - IRI & LIFL - CNRS, Lille, France AIM: duchierdenys - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.htmlReceived on Sat Apr 30 07:58:17 2005
This archive was generated by hypermail 2.1.8 : 2005-04-30 07:58:17 EST