Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] Any way to make code running on a cloud service publicly verifiable?
- Date: Sun, 16 Sep 2012 15:33:47 +0900
- From: "Stephen J. Turnbull" <stephen@example.com>
- Subject: Re: [tlug] Any way to make code running on a cloud service publicly verifiable?
- References: <CA+su7OWvHruqQ8MVWKqkGNSwrnLS0GeZECk=B4P4AwWN=qR8eg@mail.gmail.com> <87627grg2i.fsf@uwakimon.sk.tsukuba.ac.jp> <20120915065609.GB9846@homeric.cynic.net> <87wqzvpci6.fsf@uwakimon.sk.tsukuba.ac.jp> <20120915152427.GA32537@homeric.cynic.net>
Curt Sampson writes: > On 2012-09-15 23:49 +0900 (Sat), Stephen J. Turnbull wrote: > > > But what do you propose signing in the case of a direct checkout of > > rev deadbeefcafefeedbeadbabefacebadedeedaced from a public git > > repository? The rev id, I guess? > > The revision itself. The ability to do that is built in to git with "git > tag --sign". All that does is sign the commit object, which contains a tree id and metadata. For our purpose, there's no difference: it still depends on the chain of SHA1s. Linus never claimed this provides good security, just that it's better than no signature. The monotone people do, but I don't know whether git's signing protocol is as secure as monotone's.
- Follow-Ups:
- References:
- [tlug] Any way to make code running on a cloud service publicly verifiable?
- From: Edmund Edgar
- [tlug] Any way to make code running on a cloud service publicly verifiable?
- From: Stephen J. Turnbull
- Re: [tlug] Any way to make code running on a cloud service publicly verifiable?
- From: Curt Sampson
- Re: [tlug] Any way to make code running on a cloud service publicly verifiable?
- From: Stephen J. Turnbull
- Re: [tlug] Any way to make code running on a cloud service publicly verifiable?
- From: Curt Sampson
- [tlug] Any way to make code running on a cloud service publicly verifiable?
- Prev by Date: Re: [tlug] Help understanding a disk near-disaster
- Next by Date: Re: [tlug] Help understanding a disk near-disaster
- Previous by thread: Re: [tlug] Any way to make code running on a cloud service publicly verifiable?
- Next by thread: Re: [tlug] Any way to make code running on a cloud service publicly verifiable?
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |