On Mon, Jun 4, 2012 at 9:48 AM, Dirkjan Ochtman <d...@gentoo.org> wrote: > > You simply walk the tree from root to tip. When you encounter an > unsigned changeset, the nearest signed descendant is responsible for > merging that changeset. >
How do you KNOW that the nearest signed descendant actually merged it? How do you know it wasn't added by a hacker? Also, when walking the tree keep in mind that there isn't just one path in it (with merge commits), and the links are from any particular HEAD going back. I'm not convinced that this is impossible, but it isn't as trivial as it might seem at first glance. Rich
