On Sun, 30 Nov 2014 19:19:58 -0500 Jason Cooper tor@lakedaemon.net wrote:
On Sun, Nov 30, 2014 at 11:55:31PM +0000, Yawning Angel wrote:
On Sun, 30 Nov 2014 17:32:05 -0500 Jason Cooper tor@lakedaemon.net wrote:
It is unauthenticated and you probably shouldn't use it if at all possible.
How does that matter? All of the tags are signed by Nick Mathewson. This allows the server *and* the path to be untrusted.
What about intermediary commits between tagged releases? Yes, signing each commit is possible, and probably even a good idea, but it's not currently done.
git uses chained hashes so that verifying the integrity of the tagged commit also verifies the integrity of the previous commits between the prior tag and the current one (Actually, across the entire history, but once I've cloned and validated, I'm primarily concerned with commits from subsequent pulls).
So, I didn't communicate that well, so I'll try again:
Assuming people use the unauthenticated git protocol, and want to clone a copy of master, maint-0.2.4 or maint-0.2.5, how do they ensure that the copy they received is correct?
So "intermediary commits" as in "stuff that happens between releases, with the next release having not happened yet" ('interim' would have been a better word to use in hindsight). Sure you can validate up to the last tag, but for all the commits that follow, there's no magic PGP signed tag that covers those.
I don't see any reason to allow a unauthenticated protocol when authenticated alternatives exist and are well supported in the first place, but that's just me.
Regards,