git clone --depth=20 $url; git checkout $hash

How to verify that I have the contents I think I have - given that I
trust my local git executable?

Would it be enough to also store the git log --pretty=format:%T $hash
value and check that only? %T is the root tree hash.

Does git checkout verify the file tree checksum when receiving all blob
objects from a server?
Then verifying that %T didn't change should be enough to enable me
fetching sources and trust them without running git fsck which would
fetch all history.

Marc Weber
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to
More majordomo info at

Reply via email to