Re: GPG-Signed Commits proposal
From: Mark D. Baushke
Subject: Re: GPG-Signed Commits proposal
Date: Fri, 19 Aug 2005 18:50:07 -0700

Sylvain Beucler <address@hidden> writes:

> I wondered whether it would be possible to simply add commit
> signatures to CVS (I'm getting challenged about that when trying to
> improve the CVS installation at Savannah).

I am in favor of having gpg signed commit information to CVS.

> The simplest way I thought of, would be to sign my commit message, with
> additional 'Headers' specifying the user name and a SHA-1/MD5 hash of
> the file in the current revision (without keyword expansion).

I believe that MD5 is not secure enough. I would suggest SHA-1 (or
SHA-256) would be better.

Other than that, yes adding such a signature to your log message would
be the easiest method to get the information to the CVS server. As you
say, you would need to play some games to get around keyword expansion
problems.

One gotcha might be that the log message itself may be changed at a
later time using the 'cvs admin' command.

> Or more generally, perform something similar to Monotone, that is, add
> a concatenation of signed assertions about the code.

Hmmm... Well, monotone has a slightly different model and I am not sure
that the same assertions are as easy to find.

> The commit message would be bigger, but GPG-signed messages are
> 'blocks' that can easily be ignored or simplified by 3rd-party
> software such as ViewCVS.

Agreed.

> A complete check would be long, with the need to compute each revision
> and test it against the checksum, but we can't sign deltas, since CVS
> uses (changing) reverse deltas. That check would be possible anyway,
> and is usually needed only for the latest revision.

True. You could also add some kind of a new cvs command to perform the
checksum validation after checkout has finished on demand rather than
doing it all of the time.

> Does this sound plausible?

Yes.

> How much time do you think it would take a good CVS hacker to
> implement this in CVS (or even code this as an external wrapper?). If
> you think that's possible maybe I could implement a prototype myself.

I am not sure how long it would take to hack CVS changes into place.
Having a signature for a given file as an attribute part of the delta
record should not be that hard to do (we just recently added the
commitid without too much trouble).

Doing it as an external wrapper should be fairly straightforward.

-- Mark
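
An added example, not part of the original message and not code from CVS: a sketch of the external-wrapper approach discussed above, hashing each file with keyword expansion collapsed and building the header block that would then be GPG-signed. The header names `X-Commit-User` and `X-File-SHA256`, the function names, and the sample file are assumptions made for illustration.

```python
import hashlib
import re

# Standard RCS keywords that expand inside one "$...$" marker. "$Log$" is left
# out: it inserts text outside the marker and needs separate handling.
KEYWORDS = ("Author", "Date", "Header", "Id", "Locker", "Name",
            "RCSfile", "Revision", "Source", "State")
_EXPANDED = re.compile(rb"\$(" + "|".join(KEYWORDS).encode() + rb"):[^$\n]*\$")
_PREFIX = "X-File-SHA256: "  # hypothetical header name


def content_hash(data: bytes) -> str:
    """SHA-256 of the file with expanded keywords collapsed to "$Keyword$"."""
    return hashlib.sha256(_EXPANDED.sub(rb"$\1$", data)).hexdigest()


def build_log_message(user: str, message: str, files: dict) -> str:
    """Header block plus log text; pipe the result through `gpg --clearsign`."""
    headers = [f"X-Commit-User: {user}"]  # hypothetical header name
    headers += [f"{_PREFIX}{content_hash(data)} {path}"
                for path, data in sorted(files.items())]
    return "\n".join(headers) + "\n\n" + message + "\n"


def verify_checkout(log_message: str, files: dict) -> list:
    """Paths whose content differs from the headers (signature already checked)."""
    expected = {}
    for line in log_message.split("\n\n", 1)[0].splitlines():
        if line.startswith(_PREFIX):
            digest, path = line[len(_PREFIX):].split(" ", 1)
            expected[path] = digest
    return [path for path, digest in expected.items()
            if path not in files or content_hash(files[path]) != digest]


if __name__ == "__main__":
    # Constructed sample: working copy vs. the same file after checkout.
    working = b"/* $Id$ */\nint x;\n"
    checked_out = b"/* $Id: foo.c,v 1.3 2005/08/19 18:50:07 alice Exp $ */\nint x;\n"
    msg = build_log_message("alice", "Fix typo", {"foo.c": working})
    print(msg, verify_checkout(msg, {"foo.c": checked_out}))
```

`verify_checkout` only compares hashes; the clearsigned log message must pass `gpg --verify` before its headers are trusted.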