Re: [task #4633] GPG-Signed Commits

From: Mark D. Baushke
Subject: Re: [task #4633] GPG-Signed Commits
Date: Fri, 09 Sep 2005 14:12:58 -0700

Jim Hyslop <jhyslop@dreampossible.ca> writes:

> Derek Robert Price wrote:
> >                  Summary: GPG-Signed Commits
> > I put up an editable design document/RFC here:
> > <http://ximbiot.com/cvs/wiki/index.php?title=GPG-Signed_Commits>.
> > The most recent public thread on this topic is here:
> > <http://lists.gnu.org/archive/html/info-cvs/2005-08/msg00221.html>.
> One thing I didn't see in the discussion (maybe I missed it) is: why
> is this feature desirable? What are the benefits of it? (I have some
> ideas, but I'm going to play dumb here [smart remarks > /dev/null] :=)

This feature was first suggested when one of the CVS repositories for an
open source software project was found to have been compromised. It was
not clear if any of the files on the system were intact or had been
maliciously modified. It took a lot of work to validate that the files
looked okay.

So, the GPG-Signed commits feature will try to address the problem of
not being able to trust the sources checked out from a possibly
subverted CVS server machine. It may not be possible to know with
certainty if a subverted machine could have caused tampering to occur
with the sources in the repository.

If one does not know if sources have been tampered with, then it is
non-trivial to make a new release of a software package and know that no
undesirable changes might have been made to parts of the source without
an extensive audit of all of the changes going into the release.

        -- Mark