Re: [fossil-users] Control artifact types [Was: Minor new feature: comments when closing/re-opening]
On Fri, 23 Aug 2013 15:06:27 -0400 Richard Hipp d...@sqlite.org wrote:

> Yes, it is theoretically possible that a Manifest could lack all three card types, but that never happens in actual practice. And were it to come up in the future, the misclassification is mostly harmless.

I haven't read the whole thread, but can someone just provide tl;dr explanation what is the objective of this recent development in Fossil?

Sincerely,
Gour

--
Before giving up this present body, if one is able to tolerate the urges of the material senses and check the force of desire and anger, he is well situated and is happy in this world.
http://www.atmarama.net | Hlapicina (Croatia) | GPG: 52B5C810

___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Control artifact types [Was: Minor new feature: comments when closing/re-opening]
On Sat, Aug 24, 2013 at 12:57 PM, Gour g...@atmarama.net wrote:

> I haven't read the whole thread, but can someone just provide tl;dr explanation what is the objective of this recent development in Fossil?

Independently of one another Jan and I have been going through the manifest-parsing/generating related code (me in libfossil, Jan mostly in fossil(1)), and a couple corner cases and doc inconsistencies were found. Nothing to be worried about as a user. Just cleanups, really, in the name of being pedantic and interoperability.

--
- stephan beal
http://wanderinghorse.net/home/stephan/
http://gplus.to/sgbeal
Re: [fossil-users] commit signing
> [507ee45f25] Fix an off-by-one bug in the network protocol handler so that it can accept a zero-length file. (*PGP SIGNED*) (user: drh, tags: trunk)
> 04:02 [9b30224db7] Closed-Leaf: Merging formatting changes to timeline and concepts documentation (*PGP SIGNED*) (user: aku, tags: trunk)

You should be careful how you render things like that. I think now a malicious user Mallory can easily subvert your scheme by appending the text (*PGP SIGNED*) to the end of his unsigned check-in comment. People will think he has signed the check-in when he really hasn't.

It gets worse if Mallory can masquerade as DRH during a check-in, and you are relying solely on PGP signatures for authentication. Then you will think that Mallory's code has DRH's blessing when it really does not. Mayhem will surely ensue. :-)

This is analogous to a consideration given by the authors of Mutt (an emailer) in which by default they did not render ANSI color escape sequences in messages -- again because it could be used to subvert their PGP rendering scheme. See http://www.mutt.org/doc/manual/manual-6.html and search for allow_ansi.

You might be able to cure the issue by rendering the indicator in a way that a user cannot affect directly.

Eric
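Added example, not part of the thread and not Fossil's code: a Python sketch of the rendering problem raised in the message above, with the in-band marker beside an out-of-band indicator. The `Checkin` type, the function names, the `verified` flag (assumed to come from a separate signature check) and the sample check-ins are all constructed for illustration.

```python
import html
from dataclasses import dataclass

MARKER = "(*PGP SIGNED*)"  # the in-band text marker quoted in the thread

@dataclass
class Checkin:
    uuid: str       # constructed sample ids, not real Fossil artifacts
    user: str
    comment: str    # free text controlled by the committer
    verified: bool  # assumed result of a signature check done elsewhere

def render_inband(c: Checkin) -> str:
    """Spoofable: the indicator shares a channel with the comment text."""
    suffix = f" {MARKER}" if c.verified else ""
    return f"[{c.uuid}] {c.comment}{suffix} (user: {c.user})"

def render_out_of_band(c: Checkin) -> str:
    """Indicator is its own element; the comment is escaped so it cannot emit markup."""
    badge = ('<span class="sig sig-ok">signed</span>' if c.verified
             else '<span class="sig sig-none">unsigned</span>')
    return (f'<li>{badge} <code>{html.escape(c.uuid)}</code> '
            f'<span class="comment">{html.escape(c.comment)}</span> '
            f'<span class="user">{html.escape(c.user)}</span></li>')

def spoofs_marker(c: Checkin) -> bool:
    """Flag unverified check-ins whose comment imitates the marker text."""
    return not c.verified and MARKER.lower() in c.comment.lower()

# Constructed sample data.
genuine = Checkin("aaaa000001", "alice", "Fix parser bug", verified=True)
spoofed = Checkin("bbbb000002", "mallory", f"Fix parser bug {MARKER}", verified=False)
injected = Checkin("cccc000003", "mallory",
                   'x <span class="sig sig-ok">signed</span>', verified=False)

if __name__ == "__main__":
    for c in (genuine, spoofed, injected):
        print(render_inband(c))
        print(render_out_of_band(c), "| imitates marker:", spoofs_marker(c))
```

With the in-band renderer the genuine and spoofed lines differ only in id and user name; with the out-of-band renderer the badge depends solely on `verified`, and markup typed into a comment is shown as escaped text.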
Re: [fossil-users] commit signing
On Sat, Aug 24, 2013 at 10:30 PM, Eric Rubin-Smith eas@gmail.com wrote:

> You should be careful how you render things like that. I think now a malicious user Mallory can easily subvert your scheme by appending the text (*PGP SIGNED*) to the end of his unsigned check-in comment. People will think he has signed the check-in when he really hasn't.

All excellent points. That feature was in its own branch, and you've certainly convinced me not to trunk it.

--
- stephan beal
http://wanderinghorse.net/home/stephan/
http://gplus.to/sgbeal