| |||||||||||||
Security of a git treeSecurity of a git treePosted Mar 29, 2011 18:34 UTC (Tue) by vapier (subscriber, #15768)In reply to: Security of a git tree by alex Parent article: Arch Linux and (the lack of) package signing
signing a SHA1 doesnt increase confidence in SHA1 in any way. it's still a SHA1.
you missed the "resources" aspect. high compression means significantly higher cpu/mem usage which makes scaling up much harder. plus, our mirrors now have to run a git daemon to do mirroring ? it just doesnt work out.
as a developer, you can mirror the VCS tree yourself.
(Log in to post comments)
Security of a git tree Posted Mar 30, 2011 2:08 UTC (Wed) by smurf (subscriber, #17840) [Link]
You don't need a git server for mirriring a git archive.
That works quite well with http.
Security of a git tree Posted Apr 3, 2011 2:52 UTC (Sun) by vapier (subscriber, #15768) [Link]
i dont think you've ever used git over http. the performance is downright awful for even small repos.
Security of a git tree Posted Apr 3, 2011 6:17 UTC (Sun) by smurf (subscriber, #17840) [Link]
I don't think you've heard of "git update-server-info".
It creates a few index files which speed up the job considerably. (It's typically run from the post-update hook in the shared repository.)
Security of a git tree Posted Apr 3, 2011 7:37 UTC (Sun) by jrn (subscriber, #64214) [Link]
Presumably he has, since git refuses to fetch over HTTP without it.
Perhaps the servers you've been connecting to use the (relatively) new "smart" HTTP support, which negotiates which objects to send using a CGI script.
|
|||||||||||||