On 21/05/2007, at 14:47, Jack Lloyd wrote:
> On Mon, May 21, 2007 at 01:21:11PM +0100, Bruce Stephens wrote:
>
>> Just doing "update", monotone checks RSA signatures (to see if
>> revisions are on the branch), calls lua hooks (for the same reason);
>> and throughout all that gets its information from SQLite. (At that
>> time, IIRC, base64 encoded information, for the binary bits.)
>>
>> It must have been clear even at the time that if you decided what
>> data
>> to keep (so you could stick it in some simpler binary format) and
>> didn't sign most of it, then you could build something much faster.
>
> [OT]
>
> I haven't looked into the design of git at all, so this is perhaps a
> stupid question, but does this mean git is then relying more on some
> external factors for authenticity checks, like domain names?
Linus talks about this in his presentation. The hashes are only used
for "consistency" checks -- i.e., if you have revision xyz, then you
really have what xyz is supposed to contain anywhere else. But
security must be provided elsewhere. (I don't know if that's what
you were referring to, though.)