On Sun, Aug 12, 2012 at 8:22 AM, Daniel Shahaf <d.s_at_daniel.shahaf.name> wrote:
> No. It makes them worse.
>
> Unless of course you expanded the tar and diff'd it --ignore-eol-style
> against the zip you had built, in which case it does make them better.
Maybe I'm being obtuse, but isn't everyone signing checking the code
against the branch (for every file they're signing)? That should be
the absolute minimum anyone is doing before signing. If you do it for
one file you can obviously do it for the others by comparing them.

The whole point of the signatures is to say "Yes, this is really what
we intend to release." Ignore the possibility of a malicious RM.
Imagine the RM just makes a mistake and typos the revision they
intended to release from.

Our release process should be ensuring that we release the code we
intend to release.

Which comes back to Daniel's suggestion. We should make it as easy as
possible for people checking the release to do that. The only concern
on my part here is that we need to pay very close attention to the
code we write to do that validation; otherwise we become too dependent
on it and miss something.
Received on 2012-08-12 20:04:37 CEST
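The check the thread is talking about (expand the tarball and the zip, then compare them file by file while ignoring line-ending differences, before putting a signature on either) can be scripted. The POSIX shell below is an added example, not code from this thread or from the Subversion project: it hashes every regular file in two directory trees after stripping carriage returns, so a tarball with LF endings and a zip with CRLF endings compare equal, while a tree whose content actually differs does not. The directory layout and file contents in `make_demo_trees` are constructed for the demonstration; in practice the two arguments would be the unpacked release archives, or one archive and a checkout of the release branch.

```shell
#!/bin/sh
# Added example (not from the thread or the Subversion project): compare two
# expanded release trees file by file, ignoring CRLF/LF differences, the way a
# signer would compare an unpacked tarball against an unpacked zip or against
# a branch checkout before signing.

# Hash stdin with SHA-256 using whichever tool the platform provides.
hash_stdin() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum
    else
        shasum -a 256
    fi
}

# Print "relative-path  sha256" for every regular file under $1, sorted, with
# trailing CRs removed before hashing so CRLF and LF files hash identically.
tree_digest() {
    dir=$1
    ( cd "$dir" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        sum=$(tr -d '\r' < "$f" | hash_stdin | cut -d' ' -f1)
        printf '%s  %s\n' "$f" "$sum"
    done )
}

# Return 0 when both trees contain the same files with the same
# EOL-normalized contents; otherwise print the differing entries to stderr
# and return 1.
compare_trees_ignore_eol() {
    ta=$(mktemp)
    tb=$(mktemp)
    tree_digest "$1" > "$ta"
    tree_digest "$2" > "$tb"
    if cmp -s "$ta" "$tb"; then
        rc=0
    else
        diff "$ta" "$tb" >&2 || true
        rc=1
    fi
    rm -f "$ta" "$tb"
    return $rc
}

# Build three constructed trees: "tar" (LF endings), "zip" (same content with
# CRLF endings) and "bad" (one file with genuinely different content).
# Prints the base directory so the caller can clean it up.
make_demo_trees() {
    base=$(mktemp -d)
    mkdir -p "$base/tar/src" "$base/zip/src" "$base/bad/src"
    printf 'int main(void) { return 0; }\n' > "$base/tar/src/main.c"
    printf 'Release X.Y.Z (constructed)\n' > "$base/tar/README"
    printf 'int main(void) { return 0; }\r\n' > "$base/zip/src/main.c"
    printf 'Release X.Y.Z (constructed)\r\n' > "$base/zip/README"
    printf 'int main(void) { return 1; }\n' > "$base/bad/src/main.c"
    printf 'Release X.Y.Z (constructed)\n' > "$base/bad/README"
    printf '%s\n' "$base"
}

# Stand-alone demonstration on the constructed trees.
demo=$(make_demo_trees)
compare_trees_ignore_eol "$demo/tar" "$demo/zip" && echo "tar and zip match (ignoring EOL)"
compare_trees_ignore_eol "$demo/tar" "$demo/bad" 2>/dev/null || echo "tar and bad differ"
rm -rf "$demo"
```

A mismatch in the digest listing is shown as a unified diff of `path  hash` lines, so the signer sees exactly which files (or which extra or missing files) block the signature rather than a bare yes/no; the script reports, it does not sign.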