
[bug #50809] Require signed Git commits

From: Sam Kuper
Subject: [bug #50809] Require signed Git commits
Date: Sat, 15 Apr 2017 18:54:01 -0400 (EDT)
User-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0


                 Summary: Require signed Git commits
                 Project: GNU GRUB
            Submitted by: sampablokuper
            Submitted on: Sat 15 Apr 2017 10:53:59 PM UTC
                Category: Security
                Severity: Major
                Priority: 5 - Normal
              Item Group: Action Request
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: Git master
         Reproducibility: Every Time
         Planned Release: None



None of GRUB's Git commits have been signed:

$ git log --pretty="format:%G?" | grep -v 'N$'

This exposes GRUB to tampering. See:

GRUB should implement a Git hook to prevent unsigned commits being committed
to the Savannah-hosted master branch or to Savannah-hosted tags.

(By "Savannah-hosted", I mean "hosted at savannah.gnu.org".)



  Message sent via/by Savannah
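
The hook requested above could look like the following server-side pre-receive script. It is an added example, not code from GRUB, Savannah or the original message. It assumes the committers' public keys are in the hook user's GnuPG keyring and that only the `%G?` status `G` is acceptable; all function names are hypothetical.

```shell
#!/bin/sh
# pre-receive hook (added example): reject unsigned commits on master and unsigned tags.
# Assumption: committers' public keys are in the hook user's GnuPG keyring.
# %G? codes: G good; N none; B bad; U unknown validity; X/Y expired; R revoked;
# E cannot be checked. Accepting only G is this example's assumed policy.
sig_status_ok() { [ "$1" = "G" ]; }

# Refs named in the request: the master branch and all tags.
ref_is_protected() {
    case "$1" in
        refs/heads/master|refs/tags/*) return 0 ;;
        *) return 1 ;;
    esac
}

# An all-zero object id marks ref creation (old) or deletion (new).
is_zero_oid() { case "$1" in *[!0]*) return 1 ;; *) return 0 ;; esac; }

# Verify one ref update; print a reason and return 1 on the first failure.
check_update() {
    old=$1 new=$2 ref=$3
    ref_is_protected "$ref" || return 0
    is_zero_oid "$new" && return 0   # deletion: no new objects to verify
    case "$ref" in
        refs/tags/*)
            git verify-tag "$new" >/dev/null 2>&1 && return 0
            echo "rejected $ref: tag is unsigned or its signature did not verify" >&2
            return 1 ;;
    esac
    if is_zero_oid "$old"; then range=$new; else range="$old..$new"; fi
    for c in $(git rev-list "$range"); do
        status=$(git log -1 --format='%G?' "$c")
        sig_status_ok "$status" && continue
        echo "rejected $ref: commit $c has signature status '$status'" >&2
        return 1
    done
    return 0
}

main() {
    rc=0
    while read -r old new ref; do
        check_update "$old" "$new" "$ref" || rc=1
    done
    return "$rc"
}

# Run only when installed as hooks/pre-receive, so the functions can be tested alone.
case "${0##*/}" in pre-receive) main; exit $? ;; esac
```

Because the range is `old..new`, a merge that brings unsigned commits into master is rejected as well, not only unsigned commits made directly on it.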
