Re: signing commits
- From: Colin Walters <walters verbum org>
- To: Jeremy Whiting <jeremy whiting collabora com>
- Cc: ostree-list gnome org
- Subject: Re: signing commits
- Date: Thu, 29 Aug 2013 09:35:56 -0400
On Thu, 2013-08-29 at 09:12 -0400, Colin Walters wrote:
This sort of thing is why for the OSTree core I just went with SSL/TLS;
Although I should further note a model I expect to be widely deployed is
one where only the refs are fetched over https:// from a centralized
pool of servers; from there, you can fetch everything else over plain
http:// from a larger network of mirror servers.
The clients will validate checksums, so you have integrity. You don't
have confidentiality, but this is for operating systems with no private
data embedded in them.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]