Rebecca N. Palmer writes ("Re: tag2upload (git-debpush) service architecture -
draft"):
> The signer's local files when they run git-debpush. (To be decided: how
> to define the hash of a directory tree (as opposed to a single file),
> i.e. "tar | sha256 like a .dsc" or "what git uses but sha256".)
This would of course be possible. I don't think it's a particularly
good idea though. What it amounts to is a parallel Merkle tree to the
git one, just with a different data format and a better hash.
The upside is the better hash, but I think our overall risk from the
git SHA-1 problem is (i) still in practice quite low (ii) exists in
all the other places we rely on git already.
The downside is that the tag is no longer just a normal signed git tag
with some easy to construct and easy to understand metadata. It will
in practice then not be practical to make this tag other than with
git-debpush (or some other special utility with the same code).
Ian.
--
Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
