Sylvain Beucler wrote:

>On Mon, Sep 19, 2005 at 04:01:55PM -0400, Derek Price wrote:
>
>>[...] but the most
>>important step is the client verification, I think.  The server
>>authorization already probably depends on SSH keys or somesuch.
>
>I don't think GPG can be used to authenticate users.

Well, not per se, as in signed commit-data being acceptable ID
verification, but some sort of additional "sign this very long, random
token and return it" step could be usable in place of pserver's password
auth.  Not that I plan on writing that.  :)

>Malicious people
>could resubmit old commits (with known security issues),
>

Ouch.  I hadn't thought of that.  That's a weakness of signed commits
after a server compromise too, except that injection of old revisions
would hopefully be relatively easy to spot due to old bugs reappearing,
new features disappearing, and maybe file dependencies breaking compilation.

I'm not sure how to deal with it, except to recommend that all
developers revoke their old keys and create new ones after a security
release of any given software.  It does mean that resigning old
revisions will generally be a bad idea.

>or garbage
>(signed mails), for example.

This at least would be instantly noticeable and the commit revoked.  It
is also unlikely to be capable of enabling security exploit of other
systems.

Regards,

Derek

-- 
Derek R. Price
CVS Solutions Architect
Ximbiot <http://ximbiot.com>
v: +1 717.579.6168
f: +1 717.234.3125
<mailto:[EMAIL PROTECTED]>
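The "sign this very long, random token and return it" step sketched in the message above, written out as an added example (it is not code from this thread or from CVS). An Ed25519 key pair stands in for the developer's GPG key, and the server remembers which tokens it has issued so that a captured answer cannot be replayed and a key revoked after a security release is refused; the names Server, Challenge, Verify and Answer are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// Server: trusted developer keys, revoked keys, and issued single-use tokens (token -> user).
type Server struct {
	trusted map[string]ed25519.PublicKey
	revoked map[string]bool
	pending map[string]string
}

func NewServer() *Server {
	return &Server{map[string]ed25519.PublicKey{}, map[string]bool{}, map[string]string{}}
}
func (s *Server) Enroll(user string, pub ed25519.PublicKey) { s.trusted[user] = pub }
func (s *Server) Revoke(user string)                        { s.revoked[user] = true }

// Challenge issues a fresh 32-byte random token to user; each token is single-use.
func (s *Server) Challenge(user string) ([]byte, error) {
	if _, ok := s.trusted[user]; !ok {
		return nil, errors.New("unknown user")
	}
	tok := make([]byte, 32)
	if _, err := rand.Read(tok); err != nil {
		return nil, err
	}
	s.pending[string(tok)] = user
	return tok, nil
}

// Verify consumes the token before anything else, so a captured answer cannot
// be replayed, and refuses a revoked key even if its signature is still good.
func (s *Server) Verify(user string, tok, sig []byte) error {
	if s.pending[string(tok)] != user {
		return errors.New("token unknown, already used, or issued to another user")
	}
	delete(s.pending, string(tok))
	if s.revoked[user] {
		return errors.New("key revoked")
	}
	if !ed25519.Verify(s.trusted[user], tok, sig) {
		return errors.New("bad signature")
	}
	return nil
}
// Answer is the client step: sign the server's token with the developer's key.
func Answer(priv ed25519.PrivateKey, tok []byte) []byte { return ed25519.Sign(priv, tok) }
```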




_______________________________________________
Bug-cvs mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/bug-cvs
