1 |
On Tue, Jun 5, 2012 at 2:50 AM, Michał Górny <mgorny@g.o> wrote: |
2 |
> On Mon, 4 Jun 2012 16:57:42 -0400 |
3 |
> Rich Freeman <rich0@g.o> wrote: |
4 |
> |
5 |
>> If you go back and look at the tree you see a bunch of signed and |
6 |
>> unsigned commits. How do you easily detect how the unsigned ones got |
7 |
>> there (via a dev with a merge commit, or via other means)? |
8 |
> |
9 |
> Well, that's not a very good solution but the server-side hooks could |
10 |
> also verify the tree state before applying new commits. |
11 |
|
12 |
The obvious problem with this is that it makes the git server a single |
13 |
point of failure - if it is compromised the hooks will not help. |
14 |
Hooks should nevertheless be there to eliminate mistakes. |
15 |
|
16 |
Note that in no way are any of these git flaws any worse than the |
17 |
status quo. I just want to avoid any false sense of security. I |
18 |
think these are flaws that are worth fixing, and I think that was why |
19 |
many have labored to get the signing enabled in git in the first |
20 |
place. |
21 |
|
22 |
My suggestion is to keep working on this, but it shouldn't be |
23 |
considered a blocker for adoption, since these are not new security |
24 |
flaws, and if anything despite its holes git is an improvement. |
25 |
|
26 |
Rich |