On Tue, Oct 27, 2009 at 9:10 PM, Greg A. Woods wrote:
> ..., humans
> usually just want to see if the IDs are the same or not, perhaps with
> some hint as to their relationship in time if they're not.
Well, as a heavy git user, what I want to know is if the source I'm
looking at is the same as that of the one who has an issue with the source.
With a SHA1, no matter which repo I look at, I will have this
guarantee (minus an improbable collision). CVS doesn't provide this
basic guarantee that two files with the same filename and the same CVS
number, checked out at different times, are the same (data corruption or
malicious change). That is a serious flaw.

AFAIK, there is already a (few?) case of this in our CVS repository
(a file whose original version has been tampered with due to a legal
issue; however, that was wanted).

 - Arnaud
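
Added example, not part of the thread: a sketch of the check described in the message above, comparing two checkouts by content ID instead of by revision label. It computes IDs the way git does for file content (SHA-1 over a `blob <size>` header, a NUL byte, then the bytes); the checkout dictionaries, paths and revision labels are constructed sample data.

```python
import hashlib


def git_blob_id(data: bytes) -> str:
    """ID git assigns to file content: SHA-1 of b'blob <size>' + NUL + content."""
    header = b"blob %d\x00" % len(data)
    return hashlib.sha1(header + data).hexdigest()


def diverging_files(checkout_a, checkout_b):
    """Find files that carry the same path and revision label in both
    checkouts but whose content differs.

    Each checkout maps path -> (revision_label, content_bytes); this layout
    is an assumption made for the example.
    """
    findings = []
    for path in sorted(checkout_a.keys() & checkout_b.keys()):
        rev_a, data_a = checkout_a[path]
        rev_b, data_b = checkout_b[path]
        id_a, id_b = git_blob_id(data_a), git_blob_id(data_b)
        # Same label, different content: the label alone did not identify the bytes.
        if rev_a == rev_b and id_a != id_b:
            findings.append((path, rev_a, id_a, id_b))
    return findings


# Constructed sample: the same revision label "1.4" checked out at two
# different times, with the stored content altered in between.
EARLY = {
    "src/util.c": ("1.4", b"int f(void) { return 1; }\n"),
    "README": ("1.2", b"hello\n"),
}
LATE = {
    "src/util.c": ("1.4", b"int f(void) { return 2; }\n"),
    "README": ("1.2", b"hello\n"),
}

if __name__ == "__main__":
    for path, rev, id_a, id_b in diverging_files(EARLY, LATE):
        print(f"{path} rev {rev}: {id_a} != {id_b}")
```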

