List Archive: gentoo-scm
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On Sat, Sep 03, 2011 at 01:41:09AM +0300, Alexey Shvetsov wrote:
> Hi all!
> Seems rsbac alive again and its people created a repo with git gpg
> related things 
>  http://git.rsbac.org/cgi-bin/gitweb.cgi?p=git-gpg.git;a=summary
What this does provide, despite the vulnerability I noted in the other
email, is a good framework for handling the signatures.
To defeat the attack I mentioned before, the signatures need to cover:
1. git cat-file commit $commitid |egrep -v '^(tree|parent|commiter)'
2. git diff-tree --no-commit-id -r --raw $commitid
2.1. Grab all of the blobid's from the 4th column.
3. "git show $blobid" for each blobid from #2.1
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail : firstname.lastname@example.org
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85