On Mon, Jul  2, 2018, at 12:01 CDT, "Jason A. Donenfeld" <zx...@gentoo.org> 
wrote:

> Aren't git signatures done over the full commit objects? Meaning you'd
> need the entire tree of metadata and thus all commits in order to
> verify? Or do you see some clever opportunity for extracting just
> enough metadata that you could actually have a file-based, rather than
> commit-based, verification?


Git signatures are over the full commit object - and the commit contains
a hash of the root of the full repository tree. Git internally only
stores tree snapshots (and not differences). So all you need is exactly
one signed commit to verify that

 - this is the full repository tree the developer saw at the time of the
   commit

 - this is the full history the developer saw at the time of the commit


Meaning, our current tree signing practice already ensures that

 - history cannot be tampered with
 - allows for a complete audit log

(in buzzspeak, we're doing blockchain verification *SCNR*)

Best,
Matthias
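
The point made in the message above, as an added example that is not part of the original email or of any project's code: it rebuilds Git's object ids in Python to show that the bytes a commit signature covers name the root tree and the parent commit, so altering an old snapshot changes the signed payload of the newest commit. The file names, identity and timestamps are constructed, and the sketch assumes flat trees of regular files and unsigned parent commits.

```python
import hashlib

def git_id(kind: str, body: bytes) -> str:
    """Git object id: SHA-1 over '<type> <size>\\0' followed by the body."""
    return hashlib.sha1(f"{kind} {len(body)}\0".encode() + body).hexdigest()

def tree_id(files: dict) -> str:
    """Id of a flat tree: sorted '100644 <name>\\0<raw 20-byte blob id>' entries."""
    body = b"".join(
        b"100644 " + name.encode() + b"\0" + bytes.fromhex(git_id("blob", files[name]))
        for name in sorted(files))
    return git_id("tree", body)

def commit_payload(files: dict, parents: list, msg: str) -> bytes:
    """Commit object body without a gpgsig header: the bytes a signature covers."""
    ident = "Dev <dev@example.org> 1530550860 -0500"  # constructed identity
    head = [f"tree {tree_id(files)}"] + [f"parent {p}" for p in parents]
    head += [f"author {ident}", f"committer {ident}", "", msg]
    return ("\n".join(head) + "\n").encode()

def head_payload(history: list) -> bytes:
    """Chain snapshots into commits; return the signed payload of the last one."""
    parents, payload = [], b""
    for i, files in enumerate(history):
        payload = commit_payload(files, parents, f"commit {i}")
        # Assumption: parents are unsigned, so their id is the hash of the payload.
        parents = [git_id("commit", payload)]
    return payload

# Constructed sample history: two snapshots of a tiny repository.
GOOD = [{"a.ebuild": b"v1\n"}, {"a.ebuild": b"v1\n", "b.ebuild": b"v2\n"}]
# Same final tree, but the file in the *first* snapshot was altered.
TAMPERED = [{"a.ebuild": b"changed\n"}, {"a.ebuild": b"v1\n", "b.ebuild": b"v2\n"}]

if __name__ == "__main__":
    print(head_payload(GOOD).decode())
    # The head trees match, yet the payloads differ through the parent line.
    print(head_payload(GOOD) == head_payload(TAMPERED))
```
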
