On Mon, Jun 04, 2012 at 04:57:42PM -0400, Rich Freeman wrote:
> 2. Hacker commits something to the tree. Top of tree is not signed.
> No need for preimage attacks or whatever on sha1 - they just log into
> the server and do a git commit or whatever right into the tree.
> 3. Gentoo dev commits a bunch of stuff to the tree. Top of tree is signed.

When the breach is discovered, you can then isolate the dev (or devs)
who implicitly signed the hack (2) by pulling the ToT without checking
for a valid signature (3). Then you yell at them for sloppy security,
and tell them to install your signature-checking post-receive hook.

Trevor

--
This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy
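The check such a hook would run, as an added example that is not part of the thread and not Gentoo's own tooling: it parses the output of `git log --format=...`, where the `%G?` placeholder reports GnuPG verification status per commit, and flags every commit in a pushed range that does not carry a good signature. The scenario above is the reason the whole range matters rather than only the top of tree: step 3 puts a signed commit on top of the unsigned one from step 2, so a top-of-tree-only check passes. The function names, the sample log (fake hashes, key ids and author names) and the hook wiring via `audit_repo(".", f"{oldrev}..{newrev}")` are all assumptions of this example; note that only a pre-receive or update hook can actually reject a push, so that is where the audit is meant to be called.

```python
"""Signature audit for a range of git commits.

Added example; not code from the thread or from Gentoo. It implements the
check a signature-verifying git hook would run over `git log` output. The
sample log is constructed (fake hashes, key ids, names).
"""
import subprocess
from dataclasses import dataclass
from typing import List, Optional, Tuple

# %G? status codes as documented in git-log(1), "PRETTY FORMATS".
GOOD = {"G"}              # good signature from a trusted key
UNKNOWN_VALIDITY = {"U"}  # good signature, key validity unknown
# Everything else fails: B bad, X/Y expired signature/key, R revoked key,
# E cannot be checked (e.g. missing public key), N no signature at all.

# Tab-separated (%x09 is a literal tab) so author names with spaces survive.
LOG_FORMAT = "%H%x09%G?%x09%GK%x09%an%x09%s"


@dataclass
class Commit:
    sha: str
    status: str   # one-letter %G? code
    key_id: str   # %GK, empty when there is no signature
    author: str
    subject: str


def parse_log(text: str) -> List[Commit]:
    """Parse LOG_FORMAT lines in git's order: newest commit first."""
    commits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t", 4)
        if len(fields) != 5:
            raise ValueError(f"unexpected git log line: {line!r}")
        commits.append(Commit(*fields))
    return commits


def _allowed(trust_unknown: bool) -> set:
    return GOOD | (UNKNOWN_VALIDITY if trust_unknown else set())


def top_of_tree_signed(commits: List[Commit], trust_unknown: bool = False) -> bool:
    """The weak check: look only at the newest commit."""
    return bool(commits) and commits[0].status in _allowed(trust_unknown)


def audit(commits: List[Commit], trust_unknown: bool = False) -> Tuple[bool, List[Commit]]:
    """The real check: every commit in the range must carry a good signature.
    Returns (ok, offenders); offenders are the commits that fail."""
    allowed = _allowed(trust_unknown)
    offenders = [c for c in commits if c.status not in allowed]
    return (not offenders, offenders)


def implicit_signers(commits: List[Commit], trust_unknown: bool = False) -> List[Tuple[str, Optional[str]]]:
    """For each failing commit, name the author of the first good-signed commit
    built on top of it, i.e. whoever signed over it without checking.
    None means no signed commit sits on top of it yet."""
    allowed = _allowed(trust_unknown)
    attributed: List[Tuple[str, Optional[str]]] = []
    pending: List[Commit] = []
    for c in reversed(commits):          # walk oldest -> newest
        if c.status in allowed:
            attributed.extend((p.sha, c.author) for p in pending)
            pending = []
        else:
            pending.append(c)
    attributed.extend((p.sha, None) for p in pending)
    return attributed


def audit_repo(repo: str, rev_range: str, trust_unknown: bool = False):
    """Run the audit against a real repository; in an update hook the range
    is f"{oldrev}..{newrev}" for the ref being pushed."""
    out = subprocess.run(
        ["git", "-C", repo, "log", f"--format={LOG_FORMAT}", rev_range],
        check=True, capture_output=True, text=True,
    ).stdout
    return audit(parse_log(out), trust_unknown)


# Constructed sample, newest first: a signed dev commit on top of an unsigned
# commit made straight on the server (its author field spoofs the dev; the
# author string is free text, only the signature counts), on top of an older
# commit signed by a key outside the verifier's trust path.
TOT_SHA = "a1" * 20
HACK_SHA = "b2" * 20
OLD_SHA = "c3" * 20
SAMPLE_LOG = "\n".join([
    f"{TOT_SHA}\tG\t0123456789ABCDEF\tAlice Dev\tsys-apps/foo: bump to 1.2",
    f"{HACK_SHA}\tN\t\tAlice Dev\tsys-apps/foo: tidy ebuild",
    f"{OLD_SHA}\tU\tFEDCBA9876543210\tBob Dev\tsys-apps/foo: add 1.1",
])

if __name__ == "__main__":
    commits = parse_log(SAMPLE_LOG)
    print("ToT signed:", top_of_tree_signed(commits))
    ok, bad = audit(commits, trust_unknown=True)
    print("range clean:", ok, [c.sha[:8] for c in bad])
    print("implicitly signed by:", implicit_signers(commits, trust_unknown=True))
```

On the sample, `top_of_tree_signed` returns True while `audit` rejects the range and `implicit_signers` points at the dev whose signature now sits on top of the unsigned commit, which is exactly the person the reply above says to go and yell at. Whether `U` (good signature, key validity unknown) is acceptable is a policy choice, hence the `trust_unknown` switch; a keyring maintained for the hook and a `G`-only policy is the stricter setting.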