On Mon, Nov 5, 2012 at 5:07 AM, Nico Williams <[email protected]> wrote: > On Sun, Nov 4, 2012 at 8:42 AM, Ben Laurie <[email protected]> wrote: >> On Sat, Nov 3, 2012 at 12:26 AM, James A. Donald <[email protected]> wrote: >>> On Oct 30, 2012 7:50 AM, "Ben Laurie" <[email protected]> wrote: >>>> The team has ruled out having the master at github. >>> >>> What is wrong with github? >> >> TBH, I wouldn't mind much, but I think the concern is that its not >> under our control. > > It's just git, so keep multiple clone repos. You could use an > internal one as the master and push updates to the github one if you > don't trust github -- use github to serve outsiders.
That is exactly the plan. > Really, what > matters is that you have one master repo and all other official repos > be read-only clones of it. As with any master/slave failover/takeover > scheme you can always recover from the death of the master by > promoting a clone to master status. So why not trust github? Because > they've been hacked? But if you keep multiple clones and people keep > private clones then you depend on git's use of SHA-1 Merkle hash trees > for security. Or, if you want *private* repos, then you must either > run your own git servers or pay a github or gitorious. Indeed. > > Nico > -- _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
