Let’s say that I fork a git repository but want to be able to prove where I forked it from and that I did not create a fake commit history when the original repository ceases to exist.
Are there any mechanisms embedded in Git which would enable this? If I remember correctly it is possible to create a repository and fill it up with commits with false dates and to push this to a hosting platform of your liking without a problem. If you are interacting with a Git client you already do this but in a non-malevolent manner, you can stack commits for weeks, push to a host after, and it will gladly accept those dates.
Dates aside, does the same problem present itself with commit identities? Hosting platforms such as Github offer some form of auditability due to their centralized nature, but even in the case of Github the link with the original repo disappears when it no longer exists.
In regards to the aforementioned, consider a case where a Git server is selfhosted, a repository is forked and its origin repository deleted. In this case the host has no reputational authority. Can a user determine if the fork’s history is truthful by cloning alone, i.e. not accessing the Git server?
If this is not possible, would such a problem be resolved if all commits would contain extra metadata in the form of some sort of cryptographic proof which does not involve blockchain tech?
It seems to me that the history could still be fabricated in such a case, but never the identities themselves.
Which would be good, they can not be forged, yet also bad, the fork owner omits the identity and pretends like he was never involved.
Any ideas? Doesn’t seem possible without a blockchain or trusted authorities.
submitted by /u/yqmvpacqpfgwcalgu
[link] [comments]
from Software Development – methodologies, techniques, and tools. Covering Agile, RUP, Waterfall + more! https://ift.tt/1ZsX042
Ameer Academy 