On Thu, Mar 24, 2011 at 6:42 PM, Rémi Cardona wrote: > PS, wasn't manifest-signing supposed to become moot once we moved to git?
not in the least. git only provides SHA1 which is not cryptographically strong, and we will still be mirroring only the latest checkout via rsync. the hashs in git require the entire tree in order to validate. -mike
