|
From: | Jim Hyslop |
Subject: | Re: [task #4633] GPG-Signed Commits |
Date: | Tue, 20 Sep 2005 23:58:19 -0400 |
User-agent: | Mozilla Thunderbird 1.0.6 (Windows/20050716) |
I've been thinking about the RCS Keyword Exploit ( http://ximbiot.com/cvs/wiki/index.php?title=GPG-Signed_Commits_RCS_Keyword_Exploit )Unless I'm mistaken, no keywords are expanded on check-in, they are all expanded on check-out, correct?
How about if CVS/Base contains the revision exactly as stored in the RCS file (which will then allow the RCS keywords to be included in the signature), and the server also sends a patch that expands the keyword, which would be stored in a separate file, such as .#filename.revision.kwd. Since these files contain only the patches required (if any) to expand RCS keywords, the files will be fairly small.
Thoughts? -- Jim
[Prev in Thread] | Current Thread | [Next in Thread] |