This is the mail archive of the
gcc@gcc.gnu.org
mailing list for the GCC project.
Re: Notes from the version control BOF at the summit
Florian Weimer <fw@deneb.enyo.de> writes:
> * Ian Lance Taylor:
>
> > For accidental repository corruption, we have backups. For deliberate
> > repository corruption, digital signatures don't help, except to pin
> > down precisely who did it.
>
> The general belief is that developer machines are secure, while the
> repository server is insecure. The primary cause for that belief is
> that so far, we have no publicly documented case in which a developer
> machine was compromised, but several high-profile cases which involve
> repositories or distribution sites.
I have no clue where this "general" belief came from, since more than one
high-profile compromise that I can think of was the result of a developer's
machine being compromised.
> However, digital signatures (if done right) can aid in recovery from a
> break-in, but so can a good, multi-generation backup.
>
> --
> Current mail filters: many dial-up/DSL/cable modem hosts, and the
> following domains: bigpond.com, di-ve.com, fuorissimo.com, hotmail.com,
> jumpy.it, libero.it, netscape.net, postino.it, simplesnet.pt, spymac.com,
> tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr, yahoo.com.
>
--
Thanks,
Jim
http://www.student.cs.uwaterloo.ca/~ja2morri/
http://phython.blogspot.com
http://open.nit.ca/wiki/?page=jim