Re: [task #4633] GPG-Signed Commits

bug-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [task #4633] GPG-Signed Commits

From:	Jim Hyslop
Subject:	Re: [task #4633] GPG-Signed Commits
Date:	Tue, 20 Sep 2005 23:58:19 -0400
User-agent:	Mozilla Thunderbird 1.0.6 (Windows/20050716)

I've been thinking about the RCS Keyword Exploit (
http://ximbiot.com/cvs/wiki/index.php?title=GPG-Signed_Commits_RCS_Keyword_Exploit
)

Unless I'm mistaken, no keywords are expanded on check-in, they are allexpanded on check-out, correct?

How about if CVS/Base contains the revision exactly as stored in the RCSfile (which will then allow the RCS keywords to be included in thesignature), and the server also sends a patch that expands the keyword,which would be stored in a separate file, such as.#filename.revision.kwd. Since these files contain only the patchesrequired (if any) to expand RCS keywords, the files will be fairly small.


Thoughts?

--
Jim

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [task #4633] GPG-Signed Commits, (continued)

Prev by Date: cvs ls corner cases
Next by Date: [bug #14506] CVS 1.12.12 GSSAPI hang
Previous by thread: Re: [task #4633] GPG-Signed Commits
Next by thread: Re: [task #4633] GPG-Signed Commits
Index(es):
- Date
- Thread