On Mon, 2004-03-15 at 11:52, Ben Laurie wrote: > Justin Erenkrantz wrote: > > > --On Sunday, March 14, 2004 11:18 PM -0600 "William A. Rowe, Jr." > > <[EMAIL PROTECTED]> wrote: > > > >> as the GNU, ASF, and SF projects all discovered, full backups by third > >> parties are invaluable. What is the equivalent to rsync, and is it as > >> stable?
Caching proxies are also an option FWIW. > > I think you mean cvsup not rsync. We're currently creating incremental > > dumps on every commit. Those can be digitally signed and rsync'd > > off-site. This is far more secure and auditable than any CVS-based > > solution > It is? How? Unless the committer signs (which ISTR was rejected as an > option when I suggested it, so I'm assuming that doesn't happen), Can someone remind me why/where that was rejected? > then they must be signed by the server - a successful attacker can therefore > sign his modifications, too. Or am I missing something? (I don't use > subversion yet, so forgive me if the answer is obvious). This is correct. However, signed by the server is still better than not signed at all IMO. The certainty it gives is that any changeset was signed by the server, and that all copies elsewhere therefor must match that signature. And when it comes to our server(s) we can do integrity checks by comparing last known signatures, if any old signature is different, raise the red flag. > > - and is in fact, one reason why the ASF [EMAIL PROTECTED] and the board > > want to get off CVS. > > It is news to me that the board have expressed this view. Several people on the board have expressed this view on a personal level, I don't recall the board having put it on the agenda either, nor do I think that it should. Sander
