Re: Security flaw caused by RC sigs [was: Release policy question]

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: 2006-02-02 22:49:24 CET

On Thu, 2006-02-02 at 12:45 -0800, Christian Stork wrote:
> On Thu, Feb 02, 2006 at 12:25:35PM -0600, kfogel@collab.net wrote:
> Evil Hacker doesn't! She installs x.y.0-rc1 under the name x.y.0 and
> gives Good Company the sigs of the RC. Then Good Company verifies the
> sigs using the public keys of some committers which it received at some
> key signing party.

The tarball does contain the version number inside, so Good Company will
presumably notice that the tarball named x.y.0 actually contains
x.y.0-rc1.

If we've reused the version number from a testing tarball, that would be
a problem, but we've never considered reusing a version number because
of a security flaw, only because of a packaging failure which caused
build problems or the like. There is no security issue with
substituting such a broken x.y.0 tarball for the real one.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Feb 2 22:51:49 2006

This message: [ Message body ]
Next message: Marcelo Matus: "Re: [Swig-user] Re: [Swig-devel] SWIG-1.3.28 release candidate"
Previous message: kfogel_at_collab.net: "Re: svn commit: r18318 - branches/1.3.x"
In reply to: Christian Stork: "Security flaw caused by RC sigs [was: Release policy question]"
Next in thread: Christian Stork: "Re: Security flaw caused by RC sigs [was: Release policy question]"
Reply: Christian Stork: "Re: Security flaw caused by RC sigs [was: Release policy question]"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]