Re: upstreaming https://github.com/cgwalters/git-evtag ?

2018-01-08 Thread Colin Walters
On Mon, Jan 8, 2018, at 3:49 PM, Stefan Beller wrote: > On Mon, Jan 8, 2018 at 12:40 PM, Santiago Torres wrote: > > Hi, > > > > I personally like the idea of git-evtags, but I feel that they could be > > made so that push certificates (and being hash-algorithm agnostic) > >

Re: upstreaming https://github.com/cgwalters/git-evtag ?

2018-01-08 Thread Colin Walters
On Mon, Jan 8, 2018, at 3:40 PM, Santiago Torres wrote: > Hi, > > I personally like the idea of git-evtags, but I feel that they could be > made so that push certificates (and being hash-algorithm agnostic) > should provide the same functionality with less code. What's a "push certificate"?

upstreaming https://github.com/cgwalters/git-evtag ?

2018-01-08 Thread Colin Walters
Hi, so quite a while ago I wrote this: https://github.com/cgwalters/git-evtag Since I last posted about this on the list here, of course shattered.io happened. It also looks like there was a node.js implementation written. Any interest in having this in core git?

git-evtag v2016.1

2016-03-08 Thread Colin Walters
A while ago, I started a discussion on stronger verification of git tags: http://permalink.gmane.org/gmane.comp.version-control.git/264533 Since then I've been maintaining: https://github.com/cgwalters/git-evtag Which I think works well. At some point I'd like to discuss merging some of the

Re: weaning distributions off tarballs: extended verification of git tags

2015-07-07 Thread Colin Walters
On Sat, Feb 28, 2015, at 10:48 AM, Colin Walters wrote: Hi, TL;DR: Let's define a standard for embedding stronger checksums in tags and commit messages: https://github.com/cgwalters/homegit/blob/master/bin/git-evtag [time passes] I finally had a bit of time to pick this back up again

Re: weaning distributions off tarballs: extended verification of git tags

2015-03-02 Thread Colin Walters
On Sat, Feb 28, 2015, at 03:34 PM, Morten Welinder wrote: Is there a point to including a different checksum inside a git tag? If someone can break the SHA-1 checksum in the repository then the recorded SHA-256 checksum can be changed. In other words, wouldn't you be just as well off

weaning distributions off tarballs: extended verification of git tags

2015-02-28 Thread Colin Walters
Hi, TL;DR: Let's define a standard for embedding stronger checksums in tags and commit messages: https://github.com/cgwalters/homegit/blob/master/bin/git-evtag I think tarballs should go away as a source distribution mechanism in favor of pure git. I won't go into too many details of the why