On Wed, 2003-12-10 at 12:40, Philippe Lavoie wrote:
> Has Subversion taken steps to add some kind of digital signature to
> commits? Is this necessary at all?
I think you could check digital signatures with a pre-commit hook. (I'm
assuming the signature would go into the log message, or into a file
somewhere, such that you could use svnlook to extract it and verify it
against the diff.) The trick would be getting the client and the server
to agree on the precise format of a diff, and making sure that diff
includes all relevant changes (including changes to binary files, if
they're allowed).
I believe OpenCM has much more sophisticated cryptographic protection of
commits (such that the server operator cannot forge commits as long as
the clients have the proper public keys for the other developers); I
don't think we have any plans to duplicate that functionality, as it
requires a lot of attention at the architectural layer.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Dec 10 19:02:02 2003