[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [task #4633] GPG-Signed Commits

From: Jim Hyslop
Subject: Re: [task #4633] GPG-Signed Commits
Date: Tue, 20 Sep 2005 23:58:19 -0400
User-agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)

I've been thinking about the RCS Keyword Exploit (

Unless I'm mistaken, no keywords are expanded on check-in, they are all expanded on check-out, correct?

How about if CVS/Base contains the revision exactly as stored in the RCS file (which will then allow the RCS keywords to be included in the signature), and the server also sends a patch that expands the keyword, which would be stored in a separate file, such as .#filename.revision.kwd. Since these files contain only the patches required (if any) to expand RCS keywords, the files will be fairly small.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]