git clone --depth=20 $url; git checkout $hash
How to verify that I have the contents I think I have - given that I
trust my local git executable?
Would it be enough to also store the git log --pretty=format:%T $hash
value and check that only? %T is the root tree hash.
Does git checkout verify the file tree checksum when receiving all blob
objects from a server?
Then verifying that %T didn't change should be enough to enable me
fetching sources and trust them without running git fsck which would
fetch all history.
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html