bug-grub

[bug #50809] Require signed Git commits


From: Sam Kuper
Subject: [bug #50809] Require signed Git commits
Date: Sat, 15 Apr 2017 18:54:01 -0400 (EDT)
User-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0

URL:
  <http://savannah.gnu.org/bugs/?50809>

                 Summary: Require signed Git commits
                 Project: GNU GRUB
            Submitted by: sampablokuper
            Submitted on: Sat 15 Apr 2017 10:53:59 PM UTC
                Category: Security
                Severity: Major
                Priority: 5 - Normal
              Item Group: Action Request
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 
                 Release: Git master
         Reproducibility: Every Time
         Planned Release: None

    _______________________________________________________

Details:

None of GRUB's Git commits have been signed:

$ git log --pretty="format:%G?" | grep -v 'N$'
$ 

This exposes GRUB to tampering. See:
https://mikegerwitz.com/papers/git-horror-story

GRUB should implement a Git hook to prevent unsigned commits being committed
to the Savannah-hosted master branch or to Savannah-hosted tags.

(By "Savannah-hosted", I mean "hosted at savannah.gnu.org".)




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?50809>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
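
One way to implement the hook requested in the report above, as an added example that is not part of the original message and is not GRUB's or Savannah's own code. It assumes a server-side pre-receive hook, a policy that only `%G?` status `G` passes, and signer keys present in the hook user's GnuPG keyring; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not GRUB's or Savannah's code): install as hooks/pre-receive.
# Assumed policy: only %G? status G (good signature) passes, so the signers'
# public keys must be in the hook user's GnuPG keyring.

# Refs named in the report: master and tags.
ref_is_protected() {
    case "$1" in
        refs/heads/master|refs/tags/*) return 0 ;;
        *) return 1 ;;
    esac
}

# True when the object id is all zeros (ref creation or deletion).
is_zero() { case "$1" in *[!0]*) return 1 ;; esac; }

# Print "<sha> <%G? status>" for each commit a ref update introduces.
list_statuses() {
    if is_zero "$1"; then
        # New ref: commits not already reachable from any existing ref.
        git log --format='%H %G?' "$2" --not --all
    else
        git log --format='%H %G?' "$1..$2"
    fi
}

# Read pre-receive stdin ("<old> <new> <ref>" per line); return 1 on violation.
check_push() {
    rc=0
    while read -r old new ref; do
        ref_is_protected "$ref" || continue
        is_zero "$new" && continue          # deletion: nothing to verify
        # Fail closed if the commit list cannot be produced.
        out=$(list_statuses "$old" "$new") || { rc=1; continue; }
        while read -r sha status; do
            [ -n "$sha" ] || continue       # empty range
            [ "$status" = G ] && continue
            echo "rejected $ref: commit $sha has signature status '$status'" >&2
            rc=1
        done <<EOF
$out
EOF
    done
    return "$rc"
}

# Run only when installed under the hook's name; exit status decides the push.
case "${0##*/}" in pre-receive) check_push ;; esac
```

This checks commit signatures only; the signature on an annotated tag object itself would need a separate `git verify-tag` check.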



