gittuf
Git
gittuf | Git | |
---|---|---|
2 | 288 | |
397 | 50,310 | |
21.2% | 2.1% | |
9.6 | 10.0 | |
7 days ago | 7 days ago | |
Go | C | |
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
gittuf
-
Git Branches: Intuition and Reality
It actually does but it's very much in alpha/active development (under the umbrella of OpenSSF with the intent of being integrated into mainline git eventually).
https://github.com/gittuf/gittuf
-
Gittuf – a security layer for Git using some concepts introduced by TUF
Hey Will, thanks!
The paper is from quite a few years ago now and the reference is for a subset of gittuf's threat model, specifically the metadata manipulation / reference state attacks. The paper talks about MITM as one way to carry out a ref state attack, but if you're communicating with a compromised repository, you can be a victim of such an attack even if you're using authenticated transport and using signed commits / tags that you have a way of verifying.
We do have a threat model for gittuf that we've been meaning to add [0] to the design doc. I'll try and get that done today. It should probably be in there before we tag our alpha release. :)
[0] https://github.com/gittuf/gittuf/issues/95
Git
- Git tracks itself. See it's first commit of itself
-
Resistance against London tube map commit history (a.k.a. git merge hell) (2015)
Look at any PR/patch series that got merged into the Git project. https://github.com/git/git/
Any random one. Because those that did not meet the minimum criteria for a well-crafted history would not have passed review.
- GitHub Git Mirror Down
- Four ways to solve the "Remote Origin Already Exists" error.
-
So You Think You Know Git – Git Tips and Tricks by Scott Chacon
Boy, I can't find this either (but also, the kernel mailing list is _really_ difficult to search). I really remember Linus saying something like "it's not a real SCM, but maybe someone could build one on top of it someday" or something like that, but I cannot figure out how to find that.
You _can_ see, though, that in his first README, he refers to what he's building as not a "real SCM":
https://github.com/git/git/commit/e83c5163316f89bfbde7d9ab23...
- Maintain-Git.txt
-
Git Commit Messages by Jeff King
Here is the direct link, as HN somehow removes the query string: https://github.com/git/git/commits?author=peff&since=2023-10...
- Git commit messages by Jeff King
- My favourite Git commit (2019)
-
Do we think of Git commits as diffs, snapshots, and/or histories?
I understand all that.
I'm saying, if you write a survey and one of the possible answers is "diff", but you don't clearly define what you mean by "diff", then don't be surprised if respondents use any reasonable definition that makes sense to them. Ask an ambiguous question, get a mishmash of answers.
The thing that Git uses for packfiles is called a "delta" by Git, but it's also reasonable to call it a "diff". After all, Git's delta algorithm is "greatly inspired by parts of LibXDiff from Davide Libenzi"[1]. Not LibXDelta but LibXDiff.
Yes, how Git stores blobs (using deltas) is orthogonal to how Git uses blobs. But while that orthogonality is useful for reasoning about Git, it's not wrong to think of a commit as the totality of what Git does, including that optimization. (Some people, when learning Git, stumble over the way it's described as storing full copies, think it's wasteful. For them to wrap their heads around Git, they have to understand that the optimization exists. Which makes sense because Git probably wouldn't be practical if it lacked that optimization.)
The reason I'm bringing all this up is, if you're trying to explain Git, which is what the original article is about, then it's very important to keep in mind that someone who is learning Git needs to know what you mean when you say "diff". Most people who already know Git would tend to gravitate toward the definition of "diff" that you're assuming (the thing that Git computes on the fly and never stores), but people who already know Git aren't the target audience when you're teaching Git.
---
[1] https://github.com/git/git/blob/master/diff-delta.c
What are some alternatives?
gitsign - Keyless Git signing using Sigstore
scalar - Scalar: A set of tools and extensions for Git to allow very large monorepos to run on Git without a virtualization layer
attestation - in-toto Attestation Framework
PineappleCAS - A generic computer algebra system targeted for the TI-84+ CE calculators
build-extra - Additional files and scripts to help build Git for Windows on MSYS2.
Subversion - Mirror of Apache Subversion
git-secret - :busts_in_silhouette: A bash-tool to store your private data inside a git repository.
vscode-gitlens - Supercharge Git inside VS Code and unlock untapped knowledge within each repository — Visualize code authorship at a glance via Git blame annotations and CodeLens, seamlessly navigate and explore Git repositories, gain valuable insights via rich visualizations and powerful comparison commands, and so much more
go-tuf - Go implementation of The Update Framework (TUF)
linux - Linux kernel source tree
example
chromebrew - Package manager for Chrome OS [Moved to: https://github.com/chromebrew/chromebrew]