[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [task #4633] GPG-Signed Commits
From: |
Derek Price |
Subject: |
Re: [task #4633] GPG-Signed Commits |
Date: |
Fri, 09 Sep 2005 17:12:23 -0400 |
User-agent: |
Mozilla Thunderbird 1.0.6 (Windows/20050716) |
Jim Hyslop wrote:
> Derek Robert Price wrote:
>
>> Summary: GPG-Signed Commits
>> I put up an editable design document/RFC here:
>> <http://ximbiot.com/cvs/wiki/index.php?title=GPG-Signed_Commits>.
>>
>> The most recent public thread on this topic is here:
>> <http://lists.gnu.org/archive/html/info-cvs/2005-08/msg00221.html>.
>
>
> One thing I didn't see in the discussion (maybe I missed it) is: why
> is this feature desirable? What are the benefits of it? (I have some
> ideas, but I'm going to play dumb here [smart remarks > /dev/null] :=)
>
You were looking for more than: "CVS does not provide verification of
past revisions of files. Attackers with access to a CVS repository could
replace file contents or add new revisions apparently from a project
member without users noticing on checkout." (from
<http://ximbiot.com/cvs/wiki/index.php?title=GPG-Signed_Commits#Abstract>).
This whole discussion started a year or two ago, when both Savannah &
cvshome.org were hacked at approximately the same time. The idea is
that there is a lot of source on these system in use in a lot of
places. Someone hacking root on the system, with access to the CVS
repository, could potentially insert unnoticed backdoors in all sorts of
software and have those changes quietly downloaded onto developers
computers without anyone ever being the wiser.
Granted, part of the nature of open source is that hopefully someone
would spot this sooner or later, but gpg-signed commits would hopefully
bias that towards the sooner side.
Regards,
Derek
--
Derek R. Price
CVS Solutions Architect
Ximbiot <http://ximbiot.com>
v: +1 717.579.6168
f: +1 717.234.3125
<mailto:derek@ximbiot.com>
- Re: [task #4633] GPG-Signed Commits, (continued)
- Re: [task #4633] GPG-Signed Commits, Jim Hyslop, 2005/09/21
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/09/21
- Re: [task #4633] GPG-Signed Commits, Jim Hyslop, 2005/09/21
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/09/21
- Re: GPG-Signed Commits and RCS Keyword exploit [long], Jim Hyslop, 2005/09/22
- Re: GPG-Signed Commits and RCS Keyword exploit [long], Derek Price, 2005/09/22
Re: [task #4633] GPG-Signed Commits,
Derek Price <=
Re: [task #4633] GPG-Signed Commits, Jim Hyslop, 2005/09/10