Re: [fossil-users] Lots of web interface changes

2017-12-15 Thread John P. Rouillard
Hello Richard:

In message 

Re: [fossil-users] tangent vs. wyoung on recent commit

2017-12-15 Thread Richard Hipp
On 12/15/17, Andy Bradford  wrote:
> Thus said Warren Young on Thu, 14 Dec 2017 12:13:18 -0700:
>
>> Fossil arguably has a bug here, where if you check a change in as
>> local user name ``tangent'', as I do here, then *later* do a ``fossil
>> sync'' to a URL with a user name, some bit of the local on-disk state
>> remembers that you originally cloned the repo as tangent and makes
>> your changes under that name.
>
> I disagree that this is a bug.  I consider it useful flexibility.
>
>> I classify this as a bug because it could be used for an impersonation
>> attack.
>
> Fossil records which user synchronized the content in the recvfrom table
> so the owner of the remote repository knows who did it if he cares.
>
> As stated in the past, Fossil is meant for a tighter group of
> developers---perhaps this perception has changed---one in which
> impersonation is unlikely.
>

I was very aware of all of these factors when I designed Fossil, 10
years ago.  Impersonation was a concern.  But in a DVCS, there really
is no way around it.

Defenses include:

(1) The rcvfrom table that shows clearly where all artifacts
originated, thus allowing the originator of a deception to be tracked
down and dealt with administratively.

(2) Check-ins can be signed using GPG or PGP.  (I do this on TH3, fwiw.)
-- 
D. Richard Hipp
d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
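A defender-side use of the rcvfrom record Richard describes, as an added example that is not Fossil's own code: it lists check-ins whose manifest author differs from the login that synced them in. The table and column names (user.login, rcvfrom.rcvid/uid/ipaddr, blob.rcvid, event.objid/user) are assumptions modelled on Fossil's repository schema, and the data is a constructed in-memory miniature rather than a real repository.

```python
# Added example, not Fossil's own code: flag check-ins whose recorded author
# differs from the login that pushed them. Column names are assumptions
# modelled on Fossil's schema: blob.rcvid -> rcvfrom.rcvid, rcvfrom.uid ->
# user.uid, event.objid -> blob.rid, event.user = author from the manifest.
import sqlite3

SCHEMA = """
CREATE TABLE user(uid INTEGER PRIMARY KEY, login TEXT UNIQUE);
CREATE TABLE rcvfrom(rcvid INTEGER PRIMARY KEY, uid INTEGER REFERENCES user,
                     mtime DATETIME, nonce TEXT, ipaddr TEXT);
CREATE TABLE blob(rid INTEGER PRIMARY KEY, rcvid INTEGER, uuid TEXT UNIQUE);
CREATE TABLE event(type TEXT, mtime DATETIME, objid INTEGER PRIMARY KEY,
                   user TEXT, comment TEXT);
"""

# Constructed sample data: 'wyoung' pushes two check-ins, one of which still
# carries the local author name 'tangent' from the original clone.
SAMPLE = """
INSERT INTO user VALUES(1,'drh'),(2,'wyoung');
INSERT INTO rcvfrom VALUES(1,1,'2017-12-14','n1','127.0.0.1'),
                          (2,2,'2017-12-14','n2','198.51.100.7');
INSERT INTO blob VALUES(10,1,'aaaa'),(11,2,'bbbb'),(12,2,'cccc');
INSERT INTO event VALUES('ci','2017-12-14',10,'drh','fix docs'),
                        ('ci','2017-12-14',11,'wyoung','web tweak'),
                        ('ci','2017-12-14',12,'tangent','checked in as tangent');
"""

# Check-ins where the manifest's author is not the login that synced it in.
MISMATCH_SQL = """
SELECT b.uuid, e.user AS author, u.login AS pushed_by, r.ipaddr
  FROM event e
  JOIN blob b    ON b.rid = e.objid
  JOIN rcvfrom r ON r.rcvid = b.rcvid
  JOIN user u    ON u.uid = r.uid
 WHERE e.type = 'ci' AND e.user <> u.login
 ORDER BY b.uuid
"""

def find_author_pusher_mismatches(conn):
    """Return (uuid, author, pushed_by, ipaddr) tuples for mismatched check-ins."""
    return conn.execute(MISMATCH_SQL).fetchall()

def demo_repo():
    """Build the constructed in-memory miniature repository."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SAMPLE)
    return conn

if __name__ == "__main__":
    for uuid, author, pusher, ip in find_author_pusher_mismatches(demo_repo()):
        print(f"{uuid}: author {author!r} was pushed by {pusher!r} from {ip}")
```

Against a real repository the same SELECT can be run through `fossil sql`; a mismatch is a lead to follow up administratively, as Richard notes, not proof of deception on its own.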


Re: [fossil-users] tangent vs. wyoung on recent commit

2017-12-15 Thread Andy Bradford
Thus said Warren Young on Thu, 14 Dec 2017 12:13:18 -0700:

> Fossil arguably has a bug here, where if you check a change in as
> local user name ``tangent'', as I do here, then *later* do a ``fossil
> sync'' to a URL with a user name, some bit of the local on-disk state
> remembers that you originally cloned the repo as tangent and makes
> your changes under that name.

I disagree that this is a bug.  I consider it useful flexibility.

> I classify this as a bug because it could be used for an impersonation
> attack.

Fossil records which user synchronized the content in the recvfrom table
so the owner of the remote repository knows who did it if he cares.

As stated in the past, Fossil is meant for a tighter group of
developers---perhaps this perception has changed---one in which
impersonation is unlikely.

Andy
-- 
TAI64 timestamp: 40005a3415b3
