Mark D. Baushke wrote: > Sylvain Beucler <[EMAIL PROTECTED]> writes: > > >I wondered whether it would be possible to simply add commit > >signatures to CVS (I'm getting challenged about that when trying to > >improve the CVS installation at Savannah). > > > I am in favor of having gpg signed commit information to CVS.
Me too. > >The simplest way I though of, would be to sign my commit message, with > >additional 'Headers' specifying the user name and a SHA-1/MD5 hash of > >the file in the current revision (without keyword expansion). > > > I believe that MD5 is not secure enough. I would suggest SHA-1 (or > SHA-256) would be better. > > Other than that, yes adding such a signature to your log message would > be the easiest method to get the information to the CVS server. As you > say, you would need to play some games to get around keyword expansion > problems. > > One gotcha might be that the log message itself may be changed at a > later time using the 'cvs admin' command. I think it would be best to add an RCS newphrase in the archive file for storing signatures. Old versions of CVS and RCS which don't understand the newphrase would even ignore it. See the recent addition of commit ids for an example. As for working around keywords, I don't think signing can be performed securely with keywords in use at all. For instance, consider the line in a function: char *author = "$Author$"; If we decided to sign the -kk version of the file or even the -ko version of the file, then a compromised server could send a line like: char *author = "$Author: ";int gotcha = dosomethingnasty();char *dummy = "$"; and a verfier which converted to -kk or -ko mode for verification would hapily confirm the file was the original. And don't forget, even if we decide to ignore keywords and tell folks they can't use signing with keywords (a warning to set -ko mode from CVS when keywords are detected may be in order), files will still need to be converted to UNIX EOLs before sigining and verification on systems which would have converted the EOLs for network transport. > >How much time do you think it would take to a good CVS hacker to > >implement this in CVS (or even code this as an external wrapper?). If > >you think that's possible maybe I could implement a prototype myself. > > > I am not sure how long it would take to hack CVS changes into place. I don't think that this should be very complicated at all since RCS keywords must be ignored by necessity. Most of the necessary code for EOL conversion and RCS newphrases should be inside CVS already and not very complicated to hook into. If you were to hook into the src/run.c code for external GPG execution and trust the user to maintain their gpg executable and keyring, I'd imagine a motivated developer could make short work of this. Derek -- Derek R. Price CVS Solutions Architect Ximbiot <http://ximbiot.com> v: +1 717.579.6168 f: +1 717.234.3125 <mailto:[EMAIL PROTECTED]> _______________________________________________ Info-cvs mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/info-cvs
