Re: [Monotone-devel] Re: linus talk on git

[Jack Lloyd]

On Mon, May 21, 2007 at 01:21:11PM +0100, Bruce Stephens wrote:

> Just doing "update", monotone checks RSA signatures (to see if
> revisions are on the branch), calls lua hooks (for the same reason);
> and throughout all that gets its information from SQLite.  (At that
> time, IIRC, base64 encoded information, for the binary bits.)
> 
> It must have been clear even at the time that if you decided what data
> to keep (so you could stick it in some simpler binary format) and
> didn't sign most of it, then you could build something much faster.

[OT]

I haven't looked into the design of git at all, so this is perhaps a
stupid question, but does this mean git is then relying more on some
external factors for authenticity checks, like domain names?

(Initially I thought this might mean Monotone might be signing file
data, which would indeed be very slow (!), but a quick look at 0.35
suggests that's not the case at all, so now I'm curious what
signatures one can get away with removing without seriously
compromising the ability to calculate meaningful trust metrics on a
revision or branch).

-Jack