On Thu, 2003-12-11 at 11:18, John Pybus wrote:

> The client certs could be used to sign SHA1 hashes before submitting
> data. The server could validate the hash and signature then store it as
> a property.

Yes... if the contents of each file are signed with a property upon
checkin (something the server could verify in a pre-commit hook), then
clients could verify the contents of each file.

But, because we auto-merge directory operations, I think it would be
impossible to sign directory operations (particularly deletions) in a
way which is verifiable by other clients. In some cases you might be
able to do damage by forging the deletion or movement of files, e.g.
disabling security code which would otherwise be compiled in.

So, it might be worthwhile to sign file contents, but for real
protection against tampering we'd have to provide a way to disable the
auto-merge feature so that you could sign whole directories before
checkin.
Received on Thu Dec 11 17:28:55 2003
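An added example, not code from this thread or from Subversion, of the file-contents check discussed above: the client signs the SHA-1 of a file body with its key and stores the signature as a property, and the server's pre-commit check recomputes the digest and verifies it, rejecting a missing or mismatched signature. The property name, the RSA key pair (standing in for a client cert) and the file body are constructed here; reading the real tree and properties via svnlook is not shown.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/base64"
	"errors"
	"fmt"
)

// Placeholder property name; Subversion defines no such property.
const sigProp = "x-example:sha1-signature"

// Client side: SHA-1 the file body, sign the digest, return the property value.
func signContents(key *rsa.PrivateKey, contents []byte) (string, error) {
	digest := sha1.Sum(contents)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA1, digest[:])
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(sig), nil
}

// Pre-commit side: recompute the digest from the committed contents and check
// the property's signature against the committer's public key.
func verifyContents(pub *rsa.PublicKey, contents []byte, props map[string]string) error {
	encoded, ok := props[sigProp]
	if !ok {
		return errors.New("missing " + sigProp)
	}
	sig, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return err
	}
	digest := sha1.Sum(contents)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA1, digest[:], sig)
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed client key
	contents := []byte("check_auth = True\n")    // constructed file body
	sig, _ := signContents(key, contents)
	props := map[string]string{sigProp: sig}
	fmt.Println("original:", verifyContents(&key.PublicKey, contents, props))
	tampered := []byte("check_auth = False\n")
	fmt.Println("tampered:", verifyContents(&key.PublicKey, tampered, props))
}
```

As the reply notes, this only covers file contents: a forged deletion or move leaves no file body to hash, so a hook like this cannot detect it.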