On Sun, Aug 12, 2012 at 8:22 AM, Daniel Shahaf <d...@daniel.shahaf.name> wrote:
> No. It makes them worse.
>
> Unless of course you expanded the tar and diff'd it --ignore-eol-style
> against the zip you had built, in which case it does make them better.
Maybe I'm being obtuse, but isn't everyone signing checking the code against the branch (for every file they're signing)? That should be the absolute minimum anyone is doing before signing. If you do it for one file you can obviously do it for the others by comparing them. The whole point of the signatures is to say "Yes, this is really what we intend to release." Ignore the possibility of a malicious RM. Imagine the RM just makes a mistake and typos the revision they intended to release from. Our release process should be ensuring that we release the code we intend to release, which comes back to Daniel's suggestion. We should make it as easy as possible for people checking the release to do that. The only concern on my part here is that we need to pay very close attention to the code we write to do that validation; otherwise we become too dependent on it and miss something.
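The check the message describes, comparing an unpacked release tarball against an export of the branch so that a wrong revision or a stray file is caught before anyone signs, as an added example that is not part of the thread and not the project's own release tooling. Instead of relying on a diff flag for line endings, it strips CR characters from every file and compares per-file checksums (POSIX `cksum`) so that eol-style differences between the tar and zip flavours do not register while any content or file-list difference does. The directory names, the `verify_release_tree` and `normalized_manifest` functions, and the sample trees are all constructed for this example; the script is deliberately short so that it can itself be reviewed, which is the concern raised in the last sentence above.

```shell
#!/bin/sh
# Added example (not from the thread): verify that an unpacked release
# tarball contains exactly the files, with the same contents, as an
# export of the branch it was supposedly cut from.
# Usage: verify_release_tree <branch_export_dir> <unpacked_tarball_dir>

# Emit "checksum<TAB>relative-path" for every regular file under $1.
# CR bytes are removed before checksumming so that CRLF/LF (eol-style)
# differences between tar and zip builds are ignored, but nothing else is.
normalized_manifest() {
    dir=$1
    ( cd "$dir" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        sum=$(tr -d '\r' < "$f" | cksum | cut -d' ' -f1)
        printf '%s\t%s\n' "$sum" "${f#./}"
    done )
}

# Returns 0 when both trees hold the same file set with the same
# eol-normalized contents; otherwise prints the differing manifest
# lines to stderr and returns 1 (missing, extra or changed files).
verify_release_tree() {
    branch=$1
    tarball=$2
    a=$(normalized_manifest "$branch")
    b=$(normalized_manifest "$tarball")
    if [ "$a" = "$b" ]; then
        echo "OK: tarball matches branch export"
        return 0
    fi
    echo "MISMATCH between branch export and tarball:" >&2
    tmpa=$(mktemp) && tmpb=$(mktemp)
    printf '%s\n' "$a" > "$tmpa"
    printf '%s\n' "$b" > "$tmpb"
    diff "$tmpa" "$tmpb" >&2
    rm -f "$tmpa" "$tmpb"
    return 1
}

# Constructed sample trees (hypothetical contents, not a real release):
# the "tarball" copy of main.c uses CRLF line endings, which must not
# count as a difference. Prints the root directory holding both trees.
make_sample_trees() {
    root=$(mktemp -d)
    mkdir -p "$root/branch/src" "$root/tarball/src"
    printf 'int main(void) { return 0; }\n'   > "$root/branch/src/main.c"
    printf 'int main(void) { return 0; }\r\n' > "$root/tarball/src/main.c"
    printf 'Release X.Y.Z (placeholder)\n' > "$root/branch/README"
    printf 'Release X.Y.Z (placeholder)\n' > "$root/tarball/README"
    echo "$root"
}

# Stand-alone demo: the eol-only difference is accepted, then a single
# appended line in the tarball's README is reported as a mismatch.
demo_root=$(make_sample_trees)
verify_release_tree "$demo_root/branch" "$demo_root/tarball"
printf 'unexpected extra line\n' >> "$demo_root/tarball/README"
if verify_release_tree "$demo_root/branch" "$demo_root/tarball"; then
    echo "unexpected: modified README was not detected" >&2
fi
rm -rf "$demo_root"
```

In real use the two arguments would be a fresh `svn export` of the release branch at the revision named in the release announcement and the directory produced by unpacking the candidate tarball; a non-zero exit with a manifest diff on stderr is the signal not to sign.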