Re: reposurgeon now writes Subversion repositories

From: Eric S. Raymond <esr_at_thyrsus.com>
Date: Sat, 1 Dec 2012 01:03:28 -0500

kmradke_at_rockwellcollins.com <kmradke_at_rockwellcollins.com>:
> Possibly I'm naive, but a client provided email address is far
> from being a GUID. In fact, I can pretty much set my email address
> to anything in most DVCS tools. Who is to say I haven't used
> your email address when committing?

Technically, nothing. The underlying assumption is that you trust
your contributors not to *want* to spoof each other.

Sure, it would be nice to have better authentication than that, but
if you think for a bit you'll see that this is a very hard problem.
The cost of solving it would so high that DVCSes have decided they have
to ignore the spoofing case and hope everybody behaves well.

So far, this has worked.

-- 
		Eric S. Raymond

Received on 2012-12-01 07:04:11 CET

This message: [ Message body ]
Next message: Daniel Shahaf: "Re: reposurgeon now writes Subversion repositories"
Previous message: Justin Erenkrantz: "Re: reposurgeon now writes Subversion repositories"
Maybe in reply to: Justin Erenkrantz: "Re: reposurgeon now writes Subversion repositories"
Next in thread: Daniel Shahaf: "Re: reposurgeon now writes Subversion repositories"
Reply: Daniel Shahaf: "Re: reposurgeon now writes Subversion repositories"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]