On Wed, 2003-12-10 at 13:14, Philippe Lavoie wrote:
> Does your answer imply that it wouldn't even be a post-1.0
> implementation as it would require too much re-write to include
> signatures inside subversion's core.
Well, that's my opinion. I could be proven wrong.
> A custom property 'signature' would not be an option then? Couldn't
> this allow the client to also verify that the server is not sending
> bogus diff data.
Maybe, but you'd have to take all your updates one rev at a time in
order to do that verification, and we don't have any support for doing
that. The whole concept of mixed-revision working copies has to go out
the window, too.
> But I think subversion is already verifying that the
> checksums are ok so that's not too much of an issue. Correct?
Depends on the threat model. We have checksums, but we currently have
no cryptographic protection beyond the protections afforded by the
access method. (For instance, if you only allow commits over https with
client certificates, then all commits will be protected by SSL, but
there would still be no strong protection against server-side
tampering.)
> Anyway, the attacks on a couple of major open source site made me a bit
> uneasy and if there is something that can help at the revision control
> layer it would be a nice bonus to have. If the GNU people are talking
> about modifying CVS to accommodate a security policy then moving them to
> subversion instead might be a better move (assuming subversion has
> support for that security policy).
In the short term, I don't think Savannah can force a march from CVS to
Subversion, so they have to do something with the tools they already
use.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Dec 10 19:30:24 2003