[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Plans to add signing ?

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: 2003-12-10 19:00:39 CET

On Wed, 2003-12-10 at 12:40, Philippe Lavoie wrote:
> Has Subversion taken steps to add some kind of digital signature to
> commits? Is this necessary at all?

I think you could check digital signatures with a pre-commit hook. (I'm
assuming the signature would go into the log message, or into a file
somewhere, such that you could use svnlook to extract it and verify it
against the diff.) The trick would be getting the client and the server
to agree on the precise format of a diff, and making sure that diff
includes all relevant changes (including changes to binary files, if
they're allowed).

I believe OpenCM has much more sophisticated cryptographic protection of
commits (such that the server operator cannot forge commits as long as
the clients have the proper public keys for the other developers); I
don't think we have any plans to duplicate that functionality, as it
requires a lot of attention at the architectural layer.

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Dec 10 19:02:02 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.