[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [task #4633] GPG-Signed Commits

From: Derek Price
Subject: Re: [task #4633] GPG-Signed Commits
Date: Fri, 09 Sep 2005 17:12:23 -0400
User-agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)

Jim Hyslop wrote:

> Derek Robert Price wrote:
>>                  Summary: GPG-Signed Commits
>> I put up an editable design document/RFC here:
>> <http://ximbiot.com/cvs/wiki/index.php?title=GPG-Signed_Commits>.
>> The most recent public thread on this topic is here:
>> <http://lists.gnu.org/archive/html/info-cvs/2005-08/msg00221.html>.
> One thing I didn't see in the discussion (maybe I missed it) is: why
> is this feature desirable? What are the benefits of it? (I have some
> ideas, but I'm going to play dumb here [smart remarks > /dev/null] :=)

You were looking for more than: "CVS does not provide verification of
past revisions of files. Attackers with access to a CVS repository could
replace file contents or add new revisions apparently from a project
member without users noticing on checkout." (from

This whole discussion started a year or two ago, when both Savannah &
cvshome.org were hacked at approximately the same time.  The idea is
that there is a lot of source on these system in use in a lot of
places.  Someone hacking root on the system, with access to the CVS
repository, could potentially insert unnoticed backdoors in all sorts of
software and have those changes quietly downloaded onto developers
computers without anyone ever being the wiser.

Granted, part of the nature of open source is that hopefully someone
would spot this sooner or later, but gpg-signed commits would hopefully
bias that towards the sooner side.



Derek R. Price
CVS Solutions Architect
Ximbiot <http://ximbiot.com>
v: +1 717.579.6168
f: +1 717.234.3125

reply via email to

[Prev in Thread] Current Thread [Next in Thread]