[Geany-devel] Git switch (for real) (was: Re: geany on github; why not?)
Frank Lanitz
frank at xxxxx
Mon Oct 3 20:22:26 UTC 2011
On Mon, 3 Oct 2011 22:18:46 +0200
Jiří Techet <techet at gmail.com> wrote:
> On Mon, Oct 3, 2011 at 20:21, Frank Lanitz <frank at frank.uvena.de>
> wrote:
> > On Mon, 3 Oct 2011 18:59:49 +0200
> > Jiří Techet <techet at gmail.com> wrote:
> >
> >> On Mon, Oct 3, 2011 at 17:28, Colomban Wendling
> >> <lists.ban at herbesfolles.org> wrote:
> >> > Hi all,
> >> >
> >> > Now the release is out, it's time for the real migration.
> >> > There's things to do then, and perhaps a few we still need to
> >> > agree on.
> >> >
> >> >
> >> > Le 05/09/2011 23:05, Jiří Techet a écrit :
> >> >> [...]
> >> >>
> >> >> End of the long email finally! I tried to record all what needs
> >> >> to be done so nothing is forgotten once the real migration
> >> >> takes place because some of the stuff took some time to
> >> >> discover.
> >> >
> >> > @Jiří: Would you mind doing the real export since you know have a
> >> > little experience?
> >>
> >> Sure, no problem. Just one thing I'd like to mention - I may be a
> >> security problem. During the export I can modify any commit (e.g.
> >> to send me the contents of the editor by email) and you probably
> >> won't notice. On the other hand, the good thing is that:
> >>
> >> 1. I don't feel it's something I'd like to do (but you cannot be
> >> sure I'm telling you the truth)
> >
> > Well. We can verify the hash of source code after transition with
> > the hash we do have signed on server or e.g. in our personal git
> > repos.
>
> No, I don't think you can - if you modify a commit in the past (and
> this will happen because older commits have to be added), the
> checksums of present commits change too. I don't know how exactly git
> computes the checksums but it takes history into account too so nobody
> can insert malicious commit without being noticed. This is also why
> it's important to get the conversion right because later changes are
> very problematic (all peoples personal clones become invalid).
I didn't mean the git hash of commit or tree, but comparing the hash of
the tar of the working copies of current svn head and git head after.
Cheers,
Frank
--
http://frank.uvena.de/en/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.geany.org/pipermail/devel/attachments/20111003/d30ceaee/attachment.pgp>
More information about the Devel
mailing list