diff options
| author | Colin Walters <walters@verbum.org> | 2013-07-24 13:10:28 -0400 |
|---|---|---|
| committer | Colin Walters <walters@verbum.org> | 2013-07-24 13:10:28 -0400 |
| commit | 3de1d6589abbfe7faad2b0a7f32ae8c9f0518693 (patch) | |
| tree | 9bba7d7381025bd8cf4b903fd1c44088d078ad97 /TODO | |
| parent | c9b61cbfee5d3cd0433ef14eac9ba9d1b24a0e38 (diff) | |
| download | ostree-3de1d6589abbfe7faad2b0a7f32ae8c9f0518693.tar.gz | |
TODO: More bits about commit objects
Diffstat (limited to 'TODO')
| -rw-r--r-- | TODO | 9 |
1 files changed, 4 insertions, 5 deletions
@@ -6,6 +6,10 @@ key-value store? - Optional non-object metadata; e.g., "detached" GPG signatures which are in the same file (to avoid double HTTP requests) + - Extended validation; SHA512+SHA256 checksum of all metadata along + with content object metadata (file size in particular) wouldn't take + too much extra time per commit, and would greatly strengthen resistance + to active hash collision attacks. * Hybrid SSL pull (fetch refs over SSL, content via plain HTTP) @@ -15,11 +19,6 @@ investigate something like http://www.sqlite.org/wal.html for having a shared file. -* GPG signatures on commits, and more generally, extensible metadata - associatible with commits. So for example, commit objects could - also contain secondary checksums of the *entire* content, which - would allow for stronger verification. - * Indexed metadata pack objects for bare repositories at least; no reason to inflict thousands of little metadata files on each client. |