On Sun, Nov 30, 2014 at 11:55:31PM +0000, Yawning Angel wrote:
> On Sun, 30 Nov 2014 17:32:05 -0500 Jason Cooper <tor@lakedaemon.net> wrote:
> > > It is unauthenticated and you probably shouldn't use it if at all possible.
> >
> > How does that matter? All of the tags are signed by Nick Mathewson. This allows the server *and* the path to be untrusted.
>
> What about intermediary commits between tagged releases? Yes, signing each commit is possible, and probably even a good idea, but it's not currently done.

git uses chained hashes so that verifying the integrity of the tagged commit also verifies the integrity of the previous commits between the prior tag and the current one (Actually, across the entire history, but once I've cloned and validated, I'm primarily concerned with commits from subsequent pulls).
It seems the git user manual [0] has the clearest description. Each commit hash includes the hash of the parent(s) commit(s) [1], and the trust model is described a little further down, here [2].
thx,
Jason.
[0] https://www.kernel.org/pub/software/scm/git/docs/user-manual.html
[1] https://www.kernel.org/pub/software/scm/git/docs/user-manual.html#commit-obj...
[2] https://www.kernel.org/pub/software/scm/git/docs/user-manual.html#trust
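
The hash chaining described in the reply above, as an added example that is not part of the original thread: it recomputes git object ids (SHA-1 object format) for a three-commit history and shows that altering a middle commit changes the id of every later commit, so it can no longer match a tip id covered by a signed tag. The identity, file name, contents and helper names are constructed for illustration.

```python
import hashlib

WHO = "Example Dev <dev@example.invalid> 1417392000 +0000"  # constructed identity


def git_object_id(obj_type, body):
    """Name an object as git does: sha1('<type> <size>\\0' + body)."""
    header = f"{obj_type} {len(body)}".encode() + b"\x00"
    return hashlib.sha1(header + body).hexdigest()


def commit_id(tree, parents, message):
    """Hash a commit object; the parent ids are part of the hashed bytes."""
    lines = [f"tree {tree}"] + [f"parent {p}" for p in parents]
    lines += [f"author {WHO}", f"committer {WHO}", "", message]
    return git_object_id("commit", ("\n".join(lines) + "\n").encode())


def build_chain(versions):
    """One commit per version of a single README; returns ids, oldest first."""
    ids, parents = [], []
    for n, content in enumerate(versions, 1):
        blob = git_object_id("blob", content)
        # A tree entry is '<mode> <name>\0' followed by the raw 20-byte blob id.
        tree = git_object_id("tree", b"100644 README\x00" + bytes.fromhex(blob))
        cid = commit_id(tree, parents, f"revision {n}")
        ids.append(cid)
        parents = [cid]
    return ids


def tip_matches(versions, signed_tip):
    """True if the history rebuilds to the commit id the signed tag names."""
    return build_chain(versions)[-1] == signed_tip


if __name__ == "__main__":
    history = [b"v1\n", b"v2\n", b"v3\n"]              # constructed sample data
    signed_tip = build_chain(history)[-1]               # id a signed tag would cover
    tampered = [b"v1\n", b"v2 backdoored\n", b"v3\n"]   # middle commit altered
    for old, new in zip(build_chain(history), build_chain(tampered)):
        print(old[:12], new[:12], "same" if old == new else "CHANGED")
    print("honest history matches tag: ", tip_matches(history, signed_tip))
    print("tampered history matches tag:", tip_matches(tampered, signed_tip))
```

The check covers only the commits reachable from the tagged commit; commits pulled after the most recent signed tag are not covered by any signature until a later tag is verified.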