[Geany-devel] Git switch (for real) (was: Re: geany on github; why not?)

[Jiří Techet]

On Mon, Oct 3, 2011 at 20:21, Frank Lanitz <frank at frank.uvena.de> wrote:
> On Mon, 3 Oct 2011 18:59:49 +0200
> Jiří Techet <techet at gmail.com> wrote:
>
>> On Mon, Oct 3, 2011 at 17:28, Colomban Wendling
>> <lists.ban at herbesfolles.org> wrote:
>> > Hi all,
>> >
>> > Now the release is out, it's time for the real migration.  There's
>> > things to do then, and perhaps a few we still need to agree on.
>> >
>> >
>> > Le 05/09/2011 23:05, Jiří Techet a écrit :
>> >> [...]
>> >>
>> >> End of the long email finally! I tried to record all what needs to
>> >> be done so nothing is forgotten once the real migration takes place
>> >> because some of the stuff took some time to discover.
>> >
>> > @Jiří: Would you mind doing the real export since you know have a
>> > little experience?
>>
>> Sure, no problem. Just one thing I'd like to mention - I may be a
>> security problem. During the export I can modify any commit (e.g. to
>> send me the contents of the editor by email) and you probably won't
>> notice. On the other hand, the good thing is that:
>>
>> 1. I don't feel it's something I'd like to do (but you cannot be sure
>> I'm telling you the truth)
>
> Well. We can verify the hash of source code after transition with the
> hash we do have signed on server or e.g. in our personal git repos.

No, I don't think you can - if you modify a commit in the past (and
this will happen because older commits have to be added), the
checksums of present commits change too. I don't know how exactly git
computes the checksums but it takes history into account too so nobody
can insert malicious commit without being noticed. This is also why
it's important to get the conversion right because later changes are
very problematic (all peoples personal clones become invalid).

Cheers,

Jiri