Jani Averbach wrote:
> On 2003-12-11 16:18+0000, John Pybus wrote:
>
>>The client certs could be used to sign SHA1 hashes before submitting
>>data. The server could validate the hash and signature then store it as
>>a property.
>
> Yes, this will bring some extra security, but it will not seal a
> can completely.
>
> Benjamin Pflugmann wrote:
> http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgId=220488

This is true, it only protects file contents for known repos revisions.
It doesn't provide full protection for tree changes, nor for server
generated diffs (without recreating both end revisions to check their
hashes).

Still, I think it's strong enough to be useful. It's simple to
implement on top of subversion's model, and a project can achieve a
reasonable level of trust by creating a manifest file storing a list of
the files it comprises. This would allow a WC to be sure that the repos
hasn't had intended files removed.

A design that would protect tree arrangement/rearrangements and be
flexible enough to protect diff/merge operations against a compromised
server is probably difficult to get right, and very difficult to
retro-fit to subversion. I guess you have to hope that a compromised
server wouldn't remain unnoticed for too long :-)

John
Received on Thu Dec 11 20:33:31 2003
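
The manifest idea from the message above, as an added example that is not part of the original thread or of Subversion's code: per-file SHA1 hashes can only judge files that arrive in the working copy, while a manifest listing every file also reveals one the server left out. All function names and the sample tree are hypothetical, and the signing step itself is omitted; `manifest_digest` returns the value a committer's certificate would sign.

```python
import hashlib

def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

def build_manifest(tree: dict) -> dict:
    """Map every path the project comprises to the SHA1 of its contents."""
    return {path: sha1_hex(data) for path, data in tree.items()}

def manifest_digest(manifest: dict) -> str:
    """One hash over the sorted manifest lines: the value a committer would sign."""
    lines = "".join(f"{digest}  {path}\n" for path, digest in sorted(manifest.items()))
    return sha1_hex(lines.encode("utf-8"))

def per_file_check(signed_hashes: dict, wc: dict) -> list:
    """Per-file hashes only: can judge files that are present, nothing else."""
    return sorted(p for p, data in wc.items() if signed_hashes.get(p) != sha1_hex(data))

def check_working_copy(manifest: dict, wc: dict) -> dict:
    """Manifest check: also reports listed files the server did not deliver."""
    report = {"missing": [], "modified": [], "unlisted": []}
    for path, expected in sorted(manifest.items()):
        if path not in wc:
            report["missing"].append(path)
        elif sha1_hex(wc[path]) != expected:
            report["modified"].append(path)
    report["unlisted"] = sorted(set(wc) - set(manifest))
    return report

# Constructed sample tree (not from the thread).
COMMITTED = {
    "README": b"build instructions\n",
    "src/main.c": b"int main(void) { return check(); }\n",
    "src/check.c": b"int check(void) { return 0; }\n",
}

if __name__ == "__main__":
    manifest = build_manifest(COMMITTED)
    print("digest to sign:", manifest_digest(manifest))
    # Checkout from a server that silently dropped one file.
    served = {p: d for p, d in COMMITTED.items() if p != "src/check.c"}
    print("per-file check flags:", per_file_check(manifest, served))
    print("manifest check:", check_working_copy(manifest, served))
```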