URL: <http://savannah.gnu.org/bugs/?50809>
Summary: Require signed Git commits
Project: GNU GRUB
Submitted by: sampablokuper
Submitted on: Sat 15 Apr 2017 10:53:59 PM UTC
Category: Security
Severity: Major
Priority: 5 - Normal
Item Group: Action Request
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release:
Release: Git master
Reproducibility: Every Time
Planned Release: None

_______________________________________________________

Details:

None of GRUB's Git commits have been signed:

$ git log --pretty="format:%G?" | grep -v 'N$'
$

This exposes GRUB to tampering. See:
https://mikegerwitz.com/papers/git-horror-story

GRUB should implement a Git hook to prevent unsigned commits being committed to the Savannah-hosted master branch or to Savannah-hosted tags.

(By "Savannah-hosted", I mean "hosted at savannah.gnu.org".)
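
One way to implement the hook requested above, as an added example (not part of the original report, and not GRUB's or Savannah's own code): a server-side "update" hook that rejects pushes to master or to tags unless every new commit or tag carries a good signature. It assumes the host allows installing such a hook and that signers' public keys are present and trusted in the hook user's GnuPG keyring; accepting only %G? status G is a policy choice made for this example.

```shell
#!/bin/sh
# Added example: server-side "update" hook. Git calls it as: update <ref> <old> <new>
# Assumption: signers' public keys are in the hook user's GnuPG keyring and trusted.

# Refs the report asks to protect: the master branch and all tags.
is_protected_ref() {
    case "$1" in
        refs/heads/master|refs/tags/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Accept only %G? = G (good signature). Rejects N (none), B (bad), E (cannot
# check), U (unknown validity), X/Y (expired signature or key), R (revoked key).
sig_acceptable() { [ "$1" = "G" ]; }

# True for the all-zero object id git uses for "ref created" / "ref deleted".
is_zero() { case "$1" in *[!0]*) return 1 ;; *) return 0 ;; esac; }

# Print the commits this push would add.
new_commits() {
    if is_zero "$1"; then
        git rev-list "$2" --not --all   # new ref: only commits not yet reachable
    else
        git rev-list "$1..$2"
    fi
}

check_update() {  # args: refname oldrev newrev
    is_protected_ref "$1" || return 0
    is_zero "$3" && return 0            # deletion: no new objects to verify
    if [ "$(git cat-file -t "$3")" = "tag" ]; then
        git verify-tag "$3" >/dev/null 2>&1 && return 0
        echo "rejected: $1: tag signature missing or invalid" >&2; return 1
    fi
    case "$1" in refs/tags/*)
        echo "rejected: $1: lightweight tags cannot carry a signature" >&2; return 1 ;;
    esac
    for c in $(new_commits "$2" "$3"); do
        status=$(git log -1 --format='%G?' "$c")
        sig_acceptable "$status" && continue
        echo "rejected: $1: commit $c has signature status '$status'" >&2
        return 1
    done
    return 0
}

# Act as a hook only when git supplies the three arguments.
if [ "$#" -eq 3 ]; then check_update "$@" || exit 1; fi
```

Because the range is computed with git rev-list, commits merged into master from other branches are checked too, not only the tip of the push.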