[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Security flaw caused by RC sigs [was: Release policy question]

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: 2006-02-02 22:49:24 CET

On Thu, 2006-02-02 at 12:45 -0800, Christian Stork wrote:
> On Thu, Feb 02, 2006 at 12:25:35PM -0600, kfogel@collab.net wrote:
> Evil Hacker doesn't! She installs x.y.0-rc1 under the name x.y.0 and
> gives Good Company the sigs of the RC. Then Good Company verifies the
> sigs using the public keys of some committers which it received at some
> key signing party.

The tarball does contain the version number inside, so Good Company will
presumably notice that the tarball named x.y.0 actually contains
x.y.0-rc1.

If we've reused the version number from a testing tarball, that would be
a problem, but we've never considered reusing a version number because
of a security flaw, only because of a packaging failure which caused
build problems or the like. There is no security issue with
substituting such a broken x.y.0 tarball for the real one.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Feb 2 22:51:49 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.