Re: Release policy question

From: Christian Stork <cstork_at_ics.uci.edu>
Date: 2006-02-02 20:55:47 CET

On Thu, Feb 02, 2006 at 07:29:13PM +0100, Sander Striker wrote:
...
> AFAIK it is. You sign the content, not the name.

Hmm, then you guys might have a problem:

- svn x.y.0rc1 was signed by all relevant people but not released due to
a security flaw discovered in the last minute.
- svn x.y.0 released without security flaw.

Evil Hacker can now reuse the x.y.0rc1 sigs to make Good Company believe
it installed svn x.y.0 even though they installed the flawed x.y.0rc1
but they feel secure since they checked all relevant sigs.

This would be a sort of replay attack, I guess.

-- 
Chris Stork   <>  Support eff.org!  <>   http://www.ics.uci.edu/~cstork/
OpenPGP fingerprint:  B08B 602C C806 C492 D069  021E 41F3 8C8D 50F9 CA2F
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Thu Feb 2 20:56:39 2006

This message: [ Message body ]
Next message: Peter N. Lundblad: "Re: [API] r18266"
Previous message: Peter N. Lundblad: "Re: Release policy question"
In reply to: Sander Striker: "Re: Release policy question"
Next in thread: kfogel_at_collab.net: "Re: Release policy question"
Reply: kfogel_at_collab.net: "Re: Release policy question"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]