On 12/15/17, Andy Bradford wrote:
> Thus said Warren Young on Thu, 14 Dec 2017 12:13:18 -0700:
>
>> Fossil arguably has a bug here, where if you check a change in as
>> local user name ``tangent'', as I do here, then *later* do a ``fossil
>> sync'' to a URL with a user name, some bit of the local on-disk state
>> remembers that you originally cloned the repo as tangent and makes
>> your changes under that name.
>
> I disagree that this is a bug. I consider it useful flexibility.
>
>> I classify this as a bug because it could be used for an impersonation
>> attack.
>
> Fossil records which user synchronized the content in the recvfrom table
> so the owner of the remote repository knows who did it if he cares.
>
> As stated in the past, Fossil is meant for a tighter group of
> developers---perhaps this perception has changed---one in which
> impersonation is unlikely.
>
I was very aware of all of these factors when I designed Fossil, 10
years ago. Impersonation was a concern. But in a DVCS, there really
is no way around it.
Defenses include:
(1) The rcvfrom table that shows clearly where all artifacts
originated, thus allowing the originator of a deception to be tracked
down and dealt with administratively.
(2) Check-ins can be signed using GPG or PGP. (I do this on TH3, fwiw.)
--
D. Richard Hipp
d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
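The rcvfrom cross-check Richard describes, as an added example that is not from this thread or from Fossil itself: it flags check-ins whose manifest user differs from the login that actually delivered the artifact. It assumes a constructed, in-memory subset of Fossil's repository schema (user, rcvfrom, blob, event) and constructed sample rows; column names follow the real schema but only these columns are modelled.

```python
import sqlite3

# Assumption: a minimal subset of Fossil's repository schema, kept only to the
# columns the audit needs (blob.rcvid -> rcvfrom.rcvid -> user.uid; event.user
# is the user name written into the check-in manifest).
SCHEMA = """
CREATE TABLE user(uid INTEGER PRIMARY KEY, login TEXT);
CREATE TABLE rcvfrom(rcvid INTEGER PRIMARY KEY, uid INTEGER, mtime REAL, ipaddr TEXT);
CREATE TABLE blob(rid INTEGER PRIMARY KEY, rcvid INTEGER, uuid TEXT);
CREATE TABLE event(type TEXT, objid INTEGER, user TEXT, comment TEXT);
"""

# Constructed sample data: three check-ins; the third one claims to be by
# "drh" in its manifest but was pushed over the wire by the login "tangent".
SAMPLE = [
    ("INSERT INTO user VALUES(?,?)", [(1, "drh"), (2, "tangent")]),
    ("INSERT INTO rcvfrom VALUES(?,?,?,?)",
     [(1, 1, 2458100.5, "127.0.0.1"), (2, 2, 2458101.5, "203.0.113.7")]),
    ("INSERT INTO blob VALUES(?,?,?)",
     [(10, 1, "aaaa1111"), (11, 2, "bbbb2222"), (12, 2, "cccc3333")]),
    ("INSERT INTO event VALUES(?,?,?,?)",
     [("ci", 10, "drh", "initial"), ("ci", 11, "tangent", "fix"),
      ("ci", 12, "drh", "looks legit")]),
]

# Check-ins where the claimed user and the syncing login disagree (or where the
# receiving login is unknown), with the IP address rcvfrom recorded.
AUDIT_SQL = """
SELECT b.uuid, e.user AS claimed, u.login AS synced_by, r.ipaddr
  FROM event e
  JOIN blob b      ON b.rid   = e.objid
  JOIN rcvfrom r   ON r.rcvid = b.rcvid
  LEFT JOIN user u ON u.uid   = r.uid
 WHERE e.type = 'ci'
   AND (u.login IS NULL OR e.user <> u.login)
 ORDER BY b.uuid
"""

def open_sample_repo():
    """Build the constructed in-memory repository used by the audit."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for stmt, rows in SAMPLE:
        db.executemany(stmt, rows)
    return db

def find_mismatched_checkins(db):
    """Return (uuid, claimed_user, synced_by_login, ipaddr) for each mismatch."""
    return db.execute(AUDIT_SQL).fetchall()

if __name__ == "__main__":
    for row in find_mismatched_checkins(open_sample_repo()):
        print("artifact %s claims %r but was received from login %r at %s" % row)
```

Against a real repository the same query can be issued through Fossil's own SQL shell (`fossil sql`), where the full tables exist; the rows produced here come only from the constructed sample above.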