On Wed, 10 Dec 2003, Greg Hudson wrote:
> On Wed, 2003-12-10 at 12:40, Philippe Lavoie wrote:
> > Has Subversion taken steps to add some kind of digital signature to
> > commits? Is this necessary at all?
>
> I think you could check digital signatures with a pre-commit hook. (I'm
> assuming the signature would go into the log message, or into a file
> somewhere, such that you could use svnlook to extract it and verify it
> against the diff.) The trick would be getting the client and the server
> to agree on the precise format of a diff, and making sure that diff
> includes all relevant changes (including changes to binary files, if
> they're allowed).
I'm not an expert for all these things so my idea is prerhaps just crap
but...
I would create hashes of the whole files (not the diffs) store the signed
list of filenames and hashes as a revision property. This could be done by
the client. I think the server should check the signature and add it's own
so only one key is needed to check a whole tree. Ofcourse for a complete
check all keys would be needed so both signatures could be verified.
Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Dec 11 00:35:24 2003