Jim Hyslop wrote:
> Derek Robert Price wrote:
>
>> Summary: GPG-Signed Commits
>> I put up an editable design document/RFC here:
>> <http://ximbiot.com/cvs/wiki/index.php?title=GPG-Signed_Commits>.
>>
>> The most recent public thread on this topic is here:
>> <http://lists.gnu.org/archive/html/info-cvs/2005-08/msg00221.html>.
>
>
> One thing I didn't see in the discussion (maybe I missed it) is: why
> is this feature desirable? What are the benefits of it? (I have some
> ideas, but I'm going to play dumb here [smart remarks > /dev/null] :=)
>
You were looking for more than: "CVS does not provide verification of past revisions of files. Attackers with access to a CVS repository could replace file contents or add new revisions apparently from a project member without users noticing on checkout." (from <http://ximbiot.com/cvs/wiki/index.php?title=GPG-Signed_Commits#Abstract>).

This whole discussion started a year or two ago, when both Savannah & cvshome.org were hacked at approximately the same time. The idea is that there is a lot of source on these systems in use in a lot of places. Someone hacking root on the system, with access to the CVS repository, could potentially insert unnoticed backdoors in all sorts of software and have those changes quietly downloaded onto developers' computers without anyone ever being the wiser. Granted, part of the nature of open source is that hopefully someone would spot this sooner or later, but gpg-signed commits would hopefully bias that towards the sooner side.

Regards,

Derek

--
Derek R. Price
CVS Solutions Architect
Ximbiot <http://ximbiot.com>
v: +1 717.579.6168
f: +1 717.234.3125
<mailto:[EMAIL PROTECTED]>
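
The check the abstract calls for, as an added illustration that is not from this thread or from the CVS design document: each revision carries a detached signature over its file, revision number and content, and checkout rejects both a revision whose content was rewritten on the server and a revision added under a key that is not a project member's. Ed25519 from Go's standard library stands in for GPG (an assumed substitution), and the two-revision history is constructed.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
)

// Revision is one revision of a repository file. Sig is the detached signature the
// member attaches; root on the server can rewrite Content but cannot forge Sig.
type Revision struct {
	File, Number string
	Content, Sig []byte
}
// digest binds file, revision number and content, so a valid signature cannot be
// transplanted onto another file or revision.
func digest(r Revision) []byte {
	d := sha256.Sum256(append([]byte(r.File+"\x00"+r.Number+"\x00"), r.Content...))
	return d[:]
}
// Sign is the committer-side step at commit time.
func Sign(priv ed25519.PrivateKey, r *Revision) { r.Sig = ed25519.Sign(priv, digest(*r)) }
// VerifyCheckout is the client-side step on checkout: it returns the numbers of the
// revisions that do not verify under the trusted member key (a missing Sig fails too).
func VerifyCheckout(member ed25519.PublicKey, revs []Revision) []string {
	var rejected []string
	for _, r := range revs {
		if !ed25519.Verify(member, digest(r), r.Sig) {
			rejected = append(rejected, r.Number)
		}
	}
	return rejected
}
// Demo signs a constructed two-revision history, then replays the abstract's two cases:
// a revision rewritten in place on the server, and one added without the member key.
func Demo() []string {
	memberPub, memberPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, intruderPriv, _ := ed25519.GenerateKey(rand.Reader)
	repo := []Revision{
		{File: "main.c", Number: "1.1", Content: []byte("int main(void){return 0;}\n")},
		{File: "main.c", Number: "1.2", Content: []byte("int main(void){return 1;}\n")},
	}
	for i := range repo {
		Sign(memberPriv, &repo[i])
	}
	repo[0].Content = []byte("/* rewritten on the server */\n") // case 1: content replaced
	r13 := Revision{File: "main.c", Number: "1.3", Content: []byte("/* not a member */\n")}
	Sign(intruderPriv, &r13) // case 2: new revision under a non-member key
	return VerifyCheckout(memberPub, append(repo, r13))
}
```

Demo returns the rejected revision numbers, here 1.1 and 1.3, while the untouched 1.2 still verifies.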
