bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [task #4633] GPG-Signed Commits


From: Jim Hyslop
Subject: Re: [task #4633] GPG-Signed Commits
Date: Sat, 10 Sep 2005 12:39:11 -0400
User-agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)

Derek Price wrote:
Jim Hyslop wrote:
One thing I didn't see in the discussion (maybe I missed it) is: why
is this feature desirable? What are the benefits of it? (I have some
ideas, but I'm going to play dumb here [smart remarks > /dev/null] :=)

You were looking for more than: "CVS does not provide verification of
past revisions of files. Attackers with access to a CVS repository could
replace file contents or add new revisions apparently from a project
member without users noticing on checkout."

Sorry, my background as a corporate developer is showing through. I was thinking just in terms of a corporate repository, not something as large and complex as Savannah or Sourceforge. Now I see, thanks.

--
Jim





reply via email to

[Prev in Thread] Current Thread [Next in Thread]