[darcs-users] Security
Peter Busser
busser at m-privacy.de
Mon Dec 27 15:34:34 UTC 2004
On Monday 27 December 2004 15:41, you wrote:
> 2004-12-27T09:50:23 Peter Busser:
> > We've seen people trying to introduce trojan horses in the
> > repositories of various projects, like the Linux kernel CVS copy.
> That "we've seen" them is testimony to the fact that the tooling
> surrounding the major repos defies such efforts pretty well:-).
That is a too optimistic view: They have been *detected*, but not prevented by
these tools. Nor have the tools themselves detected these tampering, it was
humans who figured it out AFAIK.
> Fundamentally, if someone can use an unrelated hole to break in to a
> master repo server, game's over, they can hand-edit the repo to
> slide their trojan in no matter what. But as long as they have to
> try and slip their mods in through the normal flow of the code mgmt
> system, I think darcs's design may make it as robust as any and more
> so than most at giving maintainers good odds of catching sneaky
> stuff before it gets published.
That is true for situations where there is no additional security provided to
protect the repository. If you would have e.g. GnuPG signed files, then you
would not just have to hack the machine, but also have to somehow get the
private key used + passphrase. This would make silently introducing trojans
harder to do and easier to detect.
Groetjes,
Peter.
More information about the darcs-users
mailing list