1 |
On Sat, Sep 20, 2014 at 8:58 PM, Gordon Pettey <petteyg359@×××××.com> wrote: |
2 |
> You're following the wrong train down the wrong tracks. Git [0-9a-f]{40} is |
3 |
> to CVS 1[.][1-9][0-9]+. You're arguing that CVS is more secure because its |
4 |
> commits are sequential numbers. |
5 |
|
6 |
Ulrich is well-aware of that. His argument is that with cvs there is |
7 |
no security whatsoever in the scm, and so there is more interest in |
8 |
layering security on-top. With git there is more of a tendency to |
9 |
rely on the less-than-robust commit signing system. |
10 |
|
11 |
We could always just keep full manifests in the tree and be no worse |
12 |
off than with cvs. |
13 |
|
14 |
I sill think it makes more sense to start with a threat model and go |
15 |
from there. There are a lot of devs with a lot of keys and a lot of |
16 |
steps on servers where the tree has to be manipulated. |
17 |
|
18 |
One of the advantages of robust commit signing would be that in the |
19 |
event there was a compromise it would be a lot easier to go back and |
20 |
clean up the mess. |
21 |
|
22 |
-- |
23 |
Rich |