by oneeyedpigeon 4106 days ago
You could convince me that your server has a checked-out copy of a given body of code by a) giving me push access to a single 'throwaway' file in your repository, and b) generating a fingerprint of the codebase and serving it. You can't then just return a hardcoded fingerprint, but this doesn't guarantee that you aren't running other things in addition to that code.
1 comments

How do you know that the pull the server made & hashed is actually the running code?

Again, this requires a root of trust on the server; otherwise, anything returned from the server, including any information you would need to verify code the server is running, could be spoofed.
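
The challenge discussed in this thread, as an added example that is not part of the original posts: a verifier pushes a fresh nonce to the throwaway file and compares fingerprints, which defeats a hardcoded answer but still passes a server whose running code differs from the checkout it hashes. The class names, file names and sample repository are constructed for illustration.

```python
import hashlib
import secrets

def fingerprint(tree: dict[str, bytes]) -> str:
    """SHA-256 over sorted (path, content) pairs, length-prefixed so fields cannot blur."""
    h = hashlib.sha256()
    for path in sorted(tree):
        for part in (path.encode(), tree[path]):
            h.update(len(part).to_bytes(8, "big"))
            h.update(part)
    return h.hexdigest()

# Constructed sample repository (hypothetical file names).
REPO = {"app.py": b"print('audited service')\n", "THROWAWAY": b""}

class Server:
    """Models a server: 'checkout' is what it hashes, 'running' is what it executes."""
    def __init__(self, repo, running=None):
        self.checkout = dict(repo)
        self.running = dict(running if running is not None else repo)

    def pull(self, repo):
        self.checkout = dict(repo)   # updates the checkout only

    def report(self):
        return fingerprint(self.checkout)

class HardcodedServer(Server):
    """Always returns the fingerprint it computed once, ignoring later pushes."""
    def __init__(self, repo, running=None):
        super().__init__(repo, running)
        self._fixed = fingerprint(repo)

    def report(self):
        return self._fixed

def challenge(server, repo) -> bool:
    """Verifier side: push a fresh nonce to the throwaway file, then compare fingerprints."""
    pushed = dict(repo, THROWAWAY=secrets.token_hex(16).encode())
    server.pull(pushed)
    return server.report() == fingerprint(pushed)

def runs_checked_out_code(server) -> bool:
    """Ground truth the remote verifier cannot observe without a root of trust."""
    return server.running["app.py"] == server.checkout["app.py"]

if __name__ == "__main__":
    divergent = Server(REPO, running={"app.py": b"print('something else')\n"})
    for name, s in [("honest", Server(REPO)), ("hardcoded", HardcodedServer(REPO)), ("divergent", divergent)]:
        print(name, "passes challenge:", challenge(s, REPO), "| runs checkout:", runs_checked_out_code(s))
```
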