[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [task #4633] GPG-Signed Commits

From: Derek Price
Subject: Re: [task #4633] GPG-Signed Commits
Date: Wed, 21 Sep 2005 12:55:46 -0400
User-agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)

Jim Hyslop wrote:

> Either way, if the server is compromised, the local file ends up
> containing the exploit.

Yes, but if I ignore keyword expansion entirely (other than giving a
warning or error when keywords are present in the file at commit time),
then you won't have a CVS executable that tells you you have a valid,
signed, base revision just before it installs compromised code in your

If you do have keywords in your file, checking out -ko would still allow
revisions to be verified in this way.

> However, there is a difference: if CVS/Base contains the expanded
> keywords, then there is absolutely no way for me to validate the
> signature on my local copy of the file. If, on the other hand,
> CVS/Base contains the exact file as checked in by the user, I can
> validate the signature, and examine the keyword patch file to look for
> any irregularities. It's not a perfect solution, since I have to
> examine the keyword file manually, but it gets part way there.

You could do the same by parsing the output of `cvs status' or `cvs log'
and performing the substitutions with a sed script, perhaps as part of
your software build.  Perhaps this would be a good script for contrib if
no one implements secure keyword substitution after I am done with the
GPG-signed commits code.



Derek R. Price
CVS Solutions Architect
Ximbiot <http://ximbiot.com>
v: +1 717.579.6168
f: +1 717.234.3125

reply via email to

[Prev in Thread] Current Thread [Next in Thread]