- From: Marcos Caceres <w3c@marcosc.com>
- Date: Mon, 21 Oct 2013 17:53:34 +0100
- To: Tobie Langel <tobie@w3.org>
- Cc: Robin Berjon <robin@w3.org>, "spec-prod@w3.org" <spec-prod@w3.org>
On Monday, October 21, 2013 at 5:30 PM, Tobie Langel wrote: > On Monday, October 21, 2013 at 4:26 PM, Robin Berjon wrote: > > At FPWD, a static snapshot is also made. I say static because I'm > > assuming that systems like ReSpec that generate things on the client > > side become accepted in TR, for non-snapshots. Basically, FPWD (and the > > other snapshot points) are *not* git SHAs. History can be rewritten in > > git, which can be defended against but would be annoying. Instead they > > really are snapshot exports of the repo. This also makes generating > > static versions easier. > > > > I'm not sure I understand the attack vector you're describing here, nor why it wouldn't be easy to defend against it. Exporting the whole repo for every release seems to be both an annoyance to setup and an important feature loss (I'd love to have tags of each different maturity level bundled together when cloning the repo. I agree with Tobie. This sounds like something that should be put in place in extreme circumstances. -- Marcos Caceres
Received on Monday, 21 October 2013 16:54:02 UTC