URL:
<http://savannah.gnu.org/bugs/?50809>
Summary: Require signed Git commits
Project: GNU GRUB
Submitted by: sampablokuper
Submitted on: Sat 15 Apr 2017 10:53:59 PM UTC
Category: Security
Severity: Major
Priority: 5 - Normal
Item Group: Action Request
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release:
Release: Git master
Reproducibility: Every Time
Planned Release: None
_______________________________________________________
Details:
None of GRUB's Git commits have been signed:

    $ git log --pretty="format:%G?" | grep -v 'N$'
    $

This exposes GRUB to tampering. See:
https://mikegerwitz.com/papers/git-horror-story

GRUB should implement a Git hook to prevent unsigned commits being committed
to the Savannah-hosted master branch or to Savannah-hosted tags.

(By "Savannah-hosted", I mean "hosted at savannah.gnu.org".)
_______________________________________________________
Bug-grub mailing list
https://lists.gnu.org/mailman/listinfo/bug-grub
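
One way the hook requested in the report could look, as an added example that is not part of the original report and is not GRUB's or Savannah's code: a server-side "update" hook that checks the same %G? status the report greps for on every new commit pushed to master, and requires signed annotated tags. It assumes the server's GnuPG keyring holds the maintainers' public keys and that only status "G" is acceptable; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: server-side "update" hook (not GRUB's or Savannah's code).
# Git runs it once per pushed ref as: update <refname> <old-oid> <new-oid>

# Policy check on "<oid> <status>" lines, <status> being git's %G? code.
# Assumed policy: accept only "G" (good, valid signature).
reject_unverified() {
    rc=0
    while read -r oid status; do
        [ -n "$oid" ] || continue
        if [ "$status" != G ]; then
            echo "rejected: $oid has signature status '${status:-none}'"
            rc=1
        fi
    done
    return $rc
}

check_ref() {
    ref=$1 old=$2 new=$3
    case $new in *[!0]*) ;; *) return 0 ;; esac  # ref deletion: nothing to verify
    case $ref in
    refs/heads/master)
        case $old in
        *[!0]*) range="$old..$new" ;;
        *)      range="$new --not --all" ;;      # branch is being created
        esac
        # Capture first so a failing git command rejects the push (fail closed).
        statuses=$(git log --format='%H %G?' $range) || return 1
        printf '%s\n' "$statuses" | reject_unverified >&2
        ;;
    refs/tags/*)
        # Require an annotated tag whose signature git verify-tag accepts.
        if [ "$(git cat-file -t "$new")" != tag ] ||
           ! git verify-tag "$new" >/dev/null 2>&1; then
            echo "rejected: $ref is not a verifiable signed tag" >&2
            return 1
        fi
        ;;
    esac
}

# Run only when installed as hooks/update, so the functions can be tested alone.
if [ "${0##*/}" = update ]; then
    check_ref "$@"
fi
```

Branches other than master pass unchecked, matching the scope asked for in the report.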