mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Tahoe: Avoid verifying hash after download, since tahoe does sufficient verification itself

Browse source 
See my comment in the next commit for some details about why
Verified needs a hash with preimage resistance. As far as tahoe goes,
it's fully cryptographically secure.

I think that bup could also return Verified. However, the Retriever
interface does not currenly support that.
This commit is contained in:
Joey Hess 2021-02-09 13:42:16 -04:00
parent cbe84b62b9
commit fa3d71d924
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
4 changed files with 11 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Types/Remote.hs
View file

@ -197,7 +197,9 @@ data Verification
-- ok, so if verification is disabled, don't verify it
| Verified
-- ^ Content was verified during transfer, so don't verify it
-- again.
-- again. The verification does not need to use a
-- cryptographically secure hash, but the hash does need to
-- have preimage resistance.
| MustVerify
-- ^ Content likely to have been altered during transfer,
-- verify even if verification is normally disabled