|
From: | Jim Hyslop |
Subject: | Re: [task #4633] GPG-Signed Commits |
Date: | Sat, 10 Sep 2005 12:39:11 -0400 |
User-agent: | Mozilla Thunderbird 1.0.6 (Windows/20050716) |
Derek Price wrote:
Jim Hyslop wrote:One thing I didn't see in the discussion (maybe I missed it) is: why is this feature desirable? What are the benefits of it? (I have some ideas, but I'm going to play dumb here [smart remarks > /dev/null] :=)You were looking for more than: "CVS does not provide verification of past revisions of files. Attackers with access to a CVS repository could replace file contents or add new revisions apparently from a project member without users noticing on checkout."
Sorry, my background as a corporate developer is showing through. I was thinking just in terms of a corporate repository, not something as large and complex as Savannah or Sourceforge. Now I see, thanks.
-- Jim
[Prev in Thread] | Current Thread | [Next in Thread] |