On 08.06.2015 04:19, Ruchir Arya wrote:
> Hello everybody,
>
> I am new to SVN development. I have a question. Why is there no
> implementation of changeset signing in subversion? Suppose if the
> root/admin (who maintains repository) is not trustworthy,

If your server administrator is not trustworthy, then no amount of
signing is going to help. Anyone with direct access to the repository
storage (which a server admin will have) can modify revision contents
even if they're signed; no cryptographic signature is proof against attack.

> then there is a problem. Is there any future possibility to implement
> digital signing of changeset to achieve integrity and non-repudiation?
> My focus is to implement some of the security related features in svn.

Subversion's repository backend already goes a good way towards ensuring
integrity: the client provides cryptographic hashes of all committed
data and the server checks them before committing, and the reverse
happens during checkout/update. The server also stores hashes for
certain metadata (although not all; there's room for improvement here).

Non-repudiation is a lot harder to achieve because it's not enough to
control the server, you also have to prove that every client making
commits is free from malicious software that could be inserting
backdoors at the source of the commit.
-- Brane
Received on 2015-06-08 10:11:28 CEST
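
The commit and checkout hash checks described in the reply above, as an added sketch that is not part of the original message and is not Subversion's code. `ToyRepo`, `checkout`, `run_scenarios`, the sample content and the choice of SHA-256 are all assumptions made for illustration; the sketch shows which changes the stored hashes catch and which they cannot.

```python
import hashlib

def digest(data: bytes) -> str:
    # SHA-256 is an assumption for this sketch, not a statement about Subversion.
    return hashlib.sha256(data).hexdigest()

class ToyRepo:
    """Constructed stand-in for a repository backend (not Subversion's format)."""
    def __init__(self):
        self.revs = []  # each entry: {"data": bytes, "hash": str}

    def commit(self, data: bytes, client_hash: str) -> int:
        # Server side: recompute and compare before accepting the commit.
        if digest(data) != client_hash:
            raise ValueError("commit rejected: checksum mismatch")
        self.revs.append({"data": data, "hash": client_hash})
        return len(self.revs) - 1

def checkout(repo: ToyRepo, rev: int) -> bytes:
    # Client side: the reverse check against the hash the server stores.
    entry = repo.revs[rev]
    if digest(entry["data"]) != entry["hash"]:
        raise ValueError("checkout failed: checksum mismatch")
    return entry["data"]

def detected(action) -> bool:
    try:
        action()
        return False
    except ValueError:
        return True

def run_scenarios() -> dict:
    repo = ToyRepo()
    original = b"int main(void) { return 0; }\n"  # constructed sample content
    pinned = digest(original)                      # hash the committer keeps locally
    rev = repo.commit(original, pinned)
    results = {}
    # 1. Data altered between client and server: hash no longer matches.
    results["transit"] = detected(lambda: repo.commit(original + b"x", pinned))
    # 2. Stored data altered, stored hash left alone: caught on checkout.
    repo.revs[rev]["data"] = b"corrupted\n"
    results["storage_data_only"] = detected(lambda: checkout(repo, rev))
    # 3. Storage access used to rewrite data and hash together: check passes.
    changed = b"int main(void) { return 1; }\n"
    repo.revs[rev] = {"data": changed, "hash": digest(changed)}
    results["storage_data_and_hash"] = detected(lambda: checkout(repo, rev))
    # Only a hash held outside the server still shows the difference.
    results["differs_from_pinned"] = digest(checkout(repo, rev)) != pinned
    return results
```
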