Re: reposurgeon now writes Subversion repositories

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Sat, 1 Dec 2012 08:13:29 +0200

Eric S. Raymond wrote on Sat, Dec 01, 2012 at 01:03:28 -0500:
> kmradke_at_rockwellcollins.com <kmradke_at_rockwellcollins.com>:
> > Possibly I'm naive, but a client provided email address is far
> > from being a GUID. In fact, I can pretty much set my email address
> > to anything in most DVCS tools. Who is to say I haven't used
> > your email address when committing?
>
> Technically, nothing. The underlying assumption is that you trust
> your contributors not to *want* to spoof each other.
>
> Sure, it would be nice to have better authentication than that, but
> if you think for a bit you'll see that this is a very hard problem.
> The cost of solving it would so high that DVCSes have decided they have
> to ignore the spoofing case and hope everybody behaves well.
>

Haven't a few projects decided to require PGP-signed revisions instead?

> So far, this has worked.
> --
> Eric S. Raymond
Received on 2012-12-01 07:14:42 CET

This message: [ Message body ]
Next message: Eric S. Raymond: "Re: reposurgeon now writes Subversion repositories"
Previous message: Eric S. Raymond: "Re: reposurgeon now writes Subversion repositories"
In reply to: Eric S. Raymond: "Re: reposurgeon now writes Subversion repositories"
Next in thread: Eric S. Raymond: "Re: reposurgeon now writes Subversion repositories"
Reply: Eric S. Raymond: "Re: reposurgeon now writes Subversion repositories"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]