| 1 |
On Sat, Sep 20, 2014 at 8:58 PM, Gordon Pettey <petteyg359@×××××.com> wrote: |
| 2 |
> You're following the wrong train down the wrong tracks. Git [0-9a-f]{40} is |
| 3 |
> to CVS 1[.][1-9][0-9]+. You're arguing that CVS is more secure because its |
| 4 |
> commits are sequential numbers. |
| 5 |
|
| 6 |
Ulrich is well-aware of that. His argument is that with cvs there is |
| 7 |
no security whatsoever in the scm, and so there is more interest in |
| 8 |
layering security on-top. With git there is more of a tendency to |
| 9 |
rely on the less-than-robust commit signing system. |
| 10 |
|
| 11 |
We could always just keep full manifests in the tree and be no worse |
| 12 |
off than with cvs. |
| 13 |
|
| 14 |
I sill think it makes more sense to start with a threat model and go |
| 15 |
from there. There are a lot of devs with a lot of keys and a lot of |
| 16 |
steps on servers where the tree has to be manipulated. |
| 17 |
|
| 18 |
One of the advantages of robust commit signing would be that in the |
| 19 |
event there was a compromise it would be a lot easier to go back and |
| 20 |
clean up the mess. |
| 21 |
|
| 22 |
-- |
| 23 |
Rich |
Archives