[CentOS] Checksums for git repo content?
Leonard den Ottolander
leonard at den.ottolander.nl
Thu Feb 9 20:55:07 UTC 2017
Hello Gordon,
On Thu, 2017-02-09 at 12:38 -0800, Gordon Messmer wrote:
> Git already has the protection you're looking for. As part of its core
> design, git uses a hash chain to verify the integrity of its history.
> Every change and every file is thus protected. It's impossible to
> insert changes or to modify the history of the git repository in a way
> that wouldn't be extremely visible to all users.
>
> If you check out a module using git, and fetch its external sources
> using get_sources.sh, you can rest assured that every file used to build
> an RPM has been hashed and verified.
Alright, understood. Only the sources downloaded with get_sources.sh
need a checksum then. Which are the ones in <package>.metadata.
Thanks for clearing this up and sorry Johnny for the fuzz :) .
Regards,
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research
More information about the CentOS
mailing list