This is the mail archive of the mailing list for the GCC project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Notes from the version control BOF at the summit

Florian Weimer <> writes:

> * Ian Lance Taylor:
> > For accidental repository corruption, we have backups.  For deliberate
> > repository corruption, digital signatures don't help, except to pin
> > down precisely who did it.
> The general belief is that developer machines are secure, while the
> repository server is insecure.  The primary cause for that belief is
> that so far, we have no publicly documented case in which a developer
> machine was compromised, but several high-profile cases which involve
> repositories or distribution sites.

 I have no clue where this "general" belief came from, since more than one
high-profile compromise that I can think of was the result of a developer's
machine being compromised.

> However, digital signatures (if done right) can aid in recovery from a
> break-in, but so can a good, multi-generation backup.
> -- 
> Current mail filters: many dial-up/DSL/cable modem hosts, and the
> following domains:,,,,


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]