This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Notes from the version control BOF at the summit

Paul Koning <pkoning@equallogic.com> writes:

> I must be missing something here.

Indeed.

> SSH (as currently deployed in the GCC project) uses digital
> signatures for authentication.  So right now we have digital
> signature protection.  If the repository servers are otherwise
> secure, you'd need to break SSH to compromise CVS.

The models are quite different.  SSH authentication lasts one login
session, and might help verify the *person*.  Signed repository
patches last forever, and verify the *change*.

> On the other hand, if the private key of an authorized write-access
> maintainer is compromised, then the repository can be tampered with
> (but the history would show that).  [...]

With signed patches and an appropriate merging server, there is no
need for developers to have login access to a repository server at
all.  Tampering possibilities are considerably constrained.


- FChE
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]