On Fri, Jul 17, 2009 at 11:08:00AM -0700, Brian Aker wrote:
> Any thoughts on this:
> http://blogs.gnome.org/jamesh/2007/10/04/signed-revisions-with-bazaar/
>
> I'd like to look at starting to do this at some point.
I like the git way more: SHA1 hash of the tree. So verifying that the repository is okay is just checking the checksums in the tree (and if you check out a revision using a known good SHA1, you have a known good revision).

The signed revisions approach only really works for protecting against malicious modifications of the source tree iff each 'head' revision is a merge that has been signed. During (for example) a bisect, you could easily hit* unsigned revisions that have been maliciously modified and then run that code on your machine.

Also, since unsigned revisions are also valid.. there's the possibility of just removing the signature and modifying the revision - and depending on various things**, this may only be exposed to people creating a new branch.

So I'm only convinced of its partial usefulness.... but would love to be shown to be very wrong :)

* very much depending on how the repository stores things... which I'm no longer 100% sure if this attack vector is possible.
** based on a bit of guesswork here.

--
Stewart Smith
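The two integrity models contrasted in the post, as an added example that is not part of the thread or of either project's code: a git-style history whose revision id hashes the tree and the parent id, next to a bzr-style history with opaque ids where signatures are optional per revision. The HMAC signature, the 'rev-N' ids and the three-revision sample history are constructed stand-ins for GPG signatures and real revision ids.

```python
import hashlib
import hmac

KEY = b"constructed-signing-key"  # stands in for the developer's signing key

def git_rev_id(parent_id, tree):
    """git-style: the id hashes the tree and the parent id, so it transitively
    commits to the content of every ancestor revision."""
    return hashlib.sha1(f"{parent_id}\n{tree}".encode()).hexdigest()

def git_head(trees):
    """Linear history built from tree contents; returns the head revision id."""
    parent = ""
    for tree in trees:
        parent = git_rev_id(parent, tree)
    return parent

def bzr_sign(rev_id, parent_id, tree):
    """Toy HMAC standing in for a GPG signature over one revision."""
    return hmac.new(KEY, f"{rev_id}\n{parent_id}\n{tree}".encode(), "sha256").hexdigest()

def bzr_history(trees, sign_every=False):
    """bzr-style: opaque ids ('rev-N'); only the head is signed unless
    sign_every is set. Entries: [rev_id, parent_id, tree, signature-or-None]."""
    revs, parent = [], ""
    for i, tree in enumerate(trees):
        rev_id, signed = f"rev-{i}", sign_every or i == len(trees) - 1
        revs.append([rev_id, parent, tree, bzr_sign(rev_id, parent, tree) if signed else None])
        parent = rev_id
    return revs

def bzr_verify(revs):
    """Unsigned revisions are valid, so only signatures that exist get checked."""
    return all(sig is None or sig == bzr_sign(r, p, t) for r, p, t, sig in revs)

TREES = ["v1 source", "v2 source", "v3 source"]  # constructed sample history

def run_demo():
    """Alter the middle tree and report whether each model detects it (True = detected)."""
    evil = [TREES[0], "v2 source + extra code", TREES[2]]
    head_only, every, stripped = (bzr_history(TREES, s) for s in (False, True, True))
    for revs in (head_only, every, stripped):
        revs[1][2] = evil[1]        # unsigned in head_only, signed in the other two
    stripped[1][3] = None           # remove the signature as well: still 'valid'
    return {"git": git_head(evil) != git_head(TREES),
            "bzr_head_signed": not bzr_verify(head_only),
            "bzr_all_signed": not bzr_verify(every),
            "bzr_signature_stripped": not bzr_verify(stripped)}
```

Checking out by a known-good git id re-derives every ancestor hash, so the altered middle revision is caught; with head-only signing, or once the signature is dropped, the bzr-style check still passes, which is the gap the post describes.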

