This is the mail archive of the
gcc@gcc.gnu.org
mailing list for the GCC project.
Re: Notes from the version control BOF at the summit
Paul Koning <pkoning@equallogic.com> writes:
> I must be missing something here.
Indeed.
> SSH (as currently deployed in the GCC project) uses digital
> signatures for authentication. So right now we have digital
> signature protection. If the repository servers are otherwise
> secure, you'd need to break SSH to compromise CVS.
The models are quite different. SSH authentication lasts one login
session, and might help verify the *person*. Signed repository
patches last forever, and verify the *change*.
> On the other hand, if the private key of an authorized write-access
> maintainer is compromised, then the repository can be tampered with
> (but the history would show that). [...]
With signed patches and an appropriate merging server, there is no
need for developers to have login access to a repository server at
all. Tampering possibilities are considerably constrained.
- FChE