[ostree] TODO: More bits about commit objects
- From: Colin Walters <walters src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [ostree] TODO: More bits about commit objects
- Date: Wed, 24 Jul 2013 18:15:43 +0000 (UTC)
commit 3de1d6589abbfe7faad2b0a7f32ae8c9f0518693
Author: Colin Walters <walters verbum org>
Date: Wed Jul 24 13:10:28 2013 -0400
TODO: More bits about commit objects
TODO | 9 ++++-----
1 files changed, 4 insertions(+), 5 deletions(-)
---
diff --git a/TODO b/TODO
index e06be2f..c071313 100644
--- a/TODO
+++ b/TODO
@@ -6,6 +6,10 @@
key-value store?
- Optional non-object metadata; e.g., "detached" GPG signatures which
are in the same file (to avoid double HTTP requests)
+ - Extended validation; SHA512+SHA256 checksum of all metadata along
+ with content object metadata (file size in particular) wouldn't take
+ too much extra time per commit, and would greatly strengthen resistance
+ to active hash collision attacks.
* Hybrid SSL pull (fetch refs over SSL, content via plain HTTP)
@@ -15,11 +19,6 @@
investigate something like http://www.sqlite.org/wal.html for having
a shared file.
-* GPG signatures on commits, and more generally, extensible metadata
- associatible with commits. So for example, commit objects could
- also contain secondary checksums of the *entire* content, which
- would allow for stronger verification.
-
* Indexed metadata pack objects for bare repositories at least;
no reason to inflict thousands of little metadata files on
each client.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
