[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Trust in monotone (was Re: [Monotone-devel] newbie question - SHA1 vs se

From: Nathaniel Smith
Subject: Trust in monotone (was Re: [Monotone-devel] newbie question - SHA1 vs serials)
Date: Tue, 19 Apr 2005 11:19:03 -0700
User-agent: Mutt/1.5.8i

On Tue, Apr 19, 2005 at 09:50:57AM -0700, K. Richard Pixley wrote:
> In other messages, I've agreed that some form of repository 
> authentication would solve the problem.  Long term, I think this sort of 
> feature would be very useful in monotone, even aside from the issue of 
> man-in-the-middle and imposter attacks.
> As I read the manual, (the sum of my monotone experience), monotone is 
> currently vulnerable to these problems already.  And finding a means of 
> addressing it would seem to be a welcome addition in any case.

We do have "repository authentication" at netsync time -- mostly as a
way to prevent public monotone servers from being turned into warez
distribution networks, etc.

For more protection, we prefer to define trust at the edges; there's
at least a somewhat thought-out design for how to do this more
systematicall (the current get_revision_cert_trust hook is very much a
stopgap measure).  Anyone interested can see some discussion:

Trust is also a rather serious problem with serials.  The case where I
have and someone sends me isn't so bad; the
bad case is where I have and someone else sends _you_, you have no way to tell whether it's valid or not, and
now when I tell you "hey, can you check out this bug I'm working on
in", you may unknowingly check out and run the evil
person's code instead.  Hashes, you _always_ can communicate reliably.

-- Nathaniel

.i dei jitfa fanmo xatra

reply via email to

[Prev in Thread] Current Thread [Next in Thread]