Aw: Re: Changeset Signing
From: Andreas Stieger <Andreas.Stieger_at_gmx.de>
Date: Mon, 8 Jun 2015 10:35:25 +0200
Branko Čibej wrote:
Actually, this is *exactly* what a cryptographic signature is. Assuming Ruchir is not free from the influences of other three letter tools implementing commit signatures, it is very likely that he is referring to committer supplied signatures which will fail to validate upon subsequent manipulation of the repository history relevant to the signature. This is a separate problem from internal repository consistency checks.
To answer the initial question: This was not implemented because it is not an inherent problem of centralized version control systems, where the server is assumed to be under the control of a trusted as well as competent party. The trust anchor is the repository giving out access, rather than distributed repositories exchanging/distributing/propagating change. Rather the artefacts are expected to be signed in real-life applications.
Assuming a suitable function to map commits into signable data can be defined, changeset signing could be implemented with storage in revision properties. This would not even need to be part of the core functionality.
This is an archived mail posted to the Subversion Dev mailing list.
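
One possible shape for the "function to map commits into signable data" mentioned in the mail, as an added example that is not part of the original message or of Subversion. The field layout, the chaining to the previous revision's digest, the revprop name `example:changeset-digest` and the sample history are all assumptions; the digest is the value a committer would sign with a tool of their choice, and a dict stands in for revision property storage.

```python
import hashlib

REVPROP = "example:changeset-digest"  # hypothetical revprop name, not an SVN built-in

def field(tag, value):
    # Length-prefix each field so bytes cannot be shifted between fields.
    data = value.encode("utf-8")
    return b"%s %d\n%s\n" % (tag, len(data), data)

def signable_bytes(rev, prev_digest):
    # Canonical form: fixed field order, changes sorted by path, content by hash.
    parts = [b"changeset-v1\n", field(b"rev", str(rev["number"])),
             field(b"author", rev["author"]), field(b"date", rev["date"]),
             field(b"log", rev["log"]), field(b"prev", prev_digest)]
    for action, path, content in sorted(rev["changes"], key=lambda c: c[1]):
        content_hash = hashlib.sha256(content).hexdigest()
        parts.append(field(b"change", f"{action} {content_hash} {path}"))
    return b"".join(parts)

def digest(rev, prev_digest):
    return hashlib.sha256(signable_bytes(rev, prev_digest)).hexdigest()

def record(history):
    # What committers would store (after signing) at commit time, per revision.
    props, prev = {}, ""
    for rev in history:
        prev = digest(rev, prev)
        props[rev["number"]] = {REVPROP: prev}
    return props

def first_mismatch(history, props):
    # Recompute the chain; return the first revision whose stored value differs.
    prev = ""
    for rev in history:
        prev = digest(rev, prev)
        if props[rev["number"]][REVPROP] != prev:
            return rev["number"]
    return None

# Constructed sample history (not from a real repository).
HISTORY = [
    {"number": 1, "author": "alice", "date": "2015-06-01T09:00:00Z",
     "log": "Add build script", "changes": [("A", "/trunk/build.sh", b"#!/bin/sh\nmake\n")]},
    {"number": 2, "author": "bob", "date": "2015-06-02T10:30:00Z",
     "log": "Build all targets", "changes": [("M", "/trunk/build.sh", b"#!/bin/sh\nmake all\n")]},
]
```

Because each digest covers the previous one, rewriting an earlier revision invalidates every later stored value, which is the "fail to validate upon subsequent manipulation" behaviour described above.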