Re: [O] Why no secure code retrieval

2016-07-03 Thread Konstantin Kliakhandler
Thanks for the clarification and the detailed analysis. Sounds like you did your homework - I have a lot to learn. Anyway, I would say that we agree on most points, and I'm more than content to leave it at that :-). Best Regards, Kosta -- )°))°((°( Konstantin Kliakhandler Sent on the go. On Jul 4,

Re: [O] Why no secure code retrieval

2016-07-03 Thread Robert Horn
Konstantin Kliakhandler writes: > > Sufficient for what? I believe we were discussing security (that was my > intention at least, and so did your previous email seem to indicate). And > if this is the case, you have just contradicted yourself. I apologize for > pointing it out so directly, and al

Re: [O] Why no secure code retrieval

2016-07-03 Thread Konstantin Kliakhandler
Hello, On 3 July 2016 at 23:12, Robert Horn wrote: > > The SHA1's are reference elements used throughout git, and are primarily > for integrity protection against accidents, not against attackers. Hence > it's sufficient that > they be maintained by the git processes. > Sufficient for what? I

Re: [O] Why no secure code retrieval

2016-07-03 Thread Robert Horn
Konstantin Kliakhandler writes: > Hello Robert, > > I am the OP. > > For what it is worth, the current discussion is actually precisely what I > was aiming at. I agree with your analysis of my intended goals but > completely disagree that SHA1 alone is any sort of guarantee. To be > precise, I d

Re: [O] Why no secure code retrieval

2016-07-03 Thread Achim Gratz
Konstantin Kliakhandler writes: > For what it is worth, the current discussion is actually precisely what I > was aiming at. I agree with your analysis of my intended goals but > completely disagree that SHA1 alone is any sort of guarantee. To be > precise, I don't just think that it doesn't provi

Re: [O] Why no secure code retrieval

2016-07-03 Thread Konstantin Kliakhandler
Hello Robert, I am the OP. For what it is worth, the current discussion is actually precisely what I was aiming at. I agree with your analysis of my intended goals but completely disagree that SHA1 alone is any sort of guarantee. To be precise, I don't just think that it doesn't provide much, bu

Re: [O] Why no secure code retrieval

2016-07-03 Thread Robert Horn
I think that the original question was looking at a different problem, and discussion of hosted tooling may be a distraction. The issues that normally come up for cyber-security discussions of distribution need to be looked at. The following is a start at organizing those for org-mode. I think

Re: [O] Why no secure code retrieval

2016-07-03 Thread Achim Gratz
Bastien Guerry writes: > I encourage you to try gogs, it is very easy to install and maintain, > and its interface is very engaging. The more gogs users and potential > admins out there, the more comfortable I'll feel making the switch. If it requires anything more than dropping in the public SSH

Re: [O] Why no secure code retrieval

2016-07-03 Thread Robert Klein
Hi, I haven't been as active as I'd have liked in this matter... Bastien Guerry wrote: > Hi Ian, > > Ian Barton writes: > > > Not heard of Gogs before, although it looks nice. Another possibility > > would be gitolite with cgit. Gitolite is very flexible and as a > > consequence can be hard t

Re: [O] Why no secure code retrieval

2016-07-03 Thread Bastien Guerry
Hi Ian, Ian Barton writes: > Not heard of Gogs before, although it looks nice. Another possibility > would be gitolite with cgit. Gitolite is very flexible and as a > consequence can be hard to set up initially. The documentation is very > comprehensive. It supports mirroring of repos. I have no

Re: [O] Why no secure code retrieval

2016-07-02 Thread Ian Barton
On Sat, Jul 02, 2016 at 04:18:42PM +0200, Bastien Guerry wrote: > Hi Nicolas, > > Nicolas Goaziou writes: > > > GPG signing tags is OK, but I wouldn't like to request every commit to > > be signed. > > Agreed. > > >>> I know that https can be a bit tedious to setup so I am not asking for it > >>>

Re: [O] Why no secure code retrieval

2016-07-02 Thread Bastien Guerry
Hi Nicolas, Nicolas Goaziou writes: > GPG signing tags is OK, but I wouldn't like to request every commit to > be signed. Agreed. >>> I know that https can be a bit tedious to setup so I am not asking for it >>> (though I do think it would be great if it was enabled on the site in some >>> fas

Re: [O] Why no secure code retrieval

2016-06-30 Thread Nicolas Goaziou
Hello, Arun Isaac writes: >> However, gpg signing release tag commits is dead simple and would >> take a total of maybe 10 minutes of work over the lifetime of the project >> (please correct me if I'm wrong). > > I second this statement. GPG signing sounds good to me. We should do > this. GPG s

Re: [O] Why no secure code retrieval

2016-06-28 Thread Arun Isaac
> However, gpg signing release tag commits is dead simple and would > take a total of maybe 10 minutes of work over the lifetime of the project > (please correct me if I'm wrong). I second this statement. GPG signing sounds good to me. We should do this. > I know that https can be a bit tedious