Does your answer imply that it wouldn't even be a post-1.0
implementation as it would require too much re-write to include
signatures inside subversion's core.
A custom property 'signature' would not be an option then? Couldn't
this allow the client to also verify that the server is not sending
bogus diff data. But I think subversion is already verifying that the
checksums are ok so that's not too much of an issue. Correct?
Anyway, the attacks on a couple of major open source site made me a bit
uneasy and if there is something that can help at the revision control
layer it would be a nice bonus to have. If the GNU people are talking
about modifying CVS to accommodate a security policy then moving them to
subversion instead might be a better move (assuming subversion has
support for that security policy).
Sorry for spamming the dev list, I should have spammed the user list :)
Philippe Lavoie
Cactus Commerce eBusiness. All Business.
Tel 819.778.0313 x302 * 888.CACTUS.0 * Fax 819.771.0921
www.cactuscommerce.com philippe.lavoie@cactuscommerce.com
-----Original Message-----
From: Greg Hudson [mailto:ghudson@MIT.EDU]
Sent: Wednesday, December 10, 2003 1:01 PM
To: Philippe Lavoie
Cc: dev@subversion.tigris.org
Subject: Re: Plans to add signing ?
On Wed, 2003-12-10 at 12:40, Philippe Lavoie wrote:
> Has Subversion taken steps to add some kind of digital signature to
> commits? Is this necessary at all?
I think you could check digital signatures with a pre-commit hook. (I'm
assuming the signature would go into the log message, or into a file
somewhere, such that you could use svnlook to extract it and verify it
against the diff.) The trick would be getting the client and the server
to agree on the precise format of a diff, and making sure that diff
includes all relevant changes (including changes to binary files, if
they're allowed).
I believe OpenCM has much more sophisticated cryptographic protection of
commits (such that the server operator cannot forge commits as long as
the clients have the proper public keys for the other developers); I
don't think we have any plans to duplicate that functionality, as it
requires a lot of attention at the architectural layer.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Dec 10 19:38:16 2003