[Buildroot] [PATCH v3] ca-certificates: new package

Yann E. MORIN yann.morin.1998 at free.fr
Sun Jan 12 18:34:42 UTC 2014


Peter, All,

On 2014-01-12 19:23 +0100, Peter Korsgaard spake thusly:
> >>>>> "Yann" == Yann E MORIN <yann.morin.1998 at free.fr> writes:
>  > I guess there's no point in adding such a check for git, svn and all
>  > other VCSes. Only 'static' content wouls be elligible to being checked.
> 
> Why not? I know git gives you strong integrity guarantees (if you use
> the sha1 atleast), but E.G. svn doesn't.

Because we can't guarantee the reproducibility of an archive generated
by git archive, since at least the file's date may change, end up in the
tarball, and thus generate a different hash, even if the 'content' of
the archive is the same. Also, a different git version may re-order the
files, or whatever.

For a VCS, maybe the list of files and their respective contents are OK,
but we can't say anything about the generated archive.

Regards,
Yann E. MORIN.

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'


More information about the buildroot mailing list