[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: reposurgeon now writes Subversion repositories

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Sat, 1 Dec 2012 08:13:29 +0200

Eric S. Raymond wrote on Sat, Dec 01, 2012 at 01:03:28 -0500:
> kmradke_at_rockwellcollins.com <kmradke_at_rockwellcollins.com>:
> > Possibly I'm naive, but a client provided email address is far
> > from being a GUID. In fact, I can pretty much set my email address
> > to anything in most DVCS tools. Who is to say I haven't used
> > your email address when committing?
>
> Technically, nothing. The underlying assumption is that you trust
> your contributors not to *want* to spoof each other.
>
> Sure, it would be nice to have better authentication than that, but
> if you think for a bit you'll see that this is a very hard problem.
> The cost of solving it would so high that DVCSes have decided they have
> to ignore the spoofing case and hope everybody behaves well.
>

Haven't a few projects decided to require PGP-signed revisions instead?

> So far, this has worked.
> --
> Eric S. Raymond
Received on 2012-12-01 07:14:42 CET

This is an archived mail posted to the Subversion Dev mailing list.