[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [task #4633] GPG-Signed Commits
From: |
Sylvain Beucler |
Subject: |
Re: [task #4633] GPG-Signed Commits |
Date: |
Wed, 21 Sep 2005 19:52:14 +0200 |
User-agent: |
Mutt/1.5.9i |
On Mon, Sep 19, 2005 at 04:01:55PM -0400, Derek Price wrote:
> [...] but the most
> important step is the client verification, I think. The server
> authorization already probably depends on SSH keys or somesuch.
I don't think GPG can be used to authenticate users. Malicious people
could resubmit old commits (with known security issues), or garbage
(signed mails), for example.
I know that that's exactly what is done at Savannah and ftp.gnu.org
for the upload system - it not a Good Thing nonetheless.
--
Sylvain
- Re: [task #4633] GPG-Signed Commits, (continued)
- Re: [task #4633] GPG-Signed Commits, Mark D. Baushke, 2005/09/19
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/09/19
- Re: [task #4633] GPG-Signed Commits, Mark D. Baushke, 2005/09/19
- Re: [task #4633] GPG-Signed Commits, Larry Jones, 2005/09/19
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/09/19
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/09/19
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/09/19
- Re: [task #4633] GPG-Signed Commits, Todd Denniston, 2005/09/20
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/09/20
- Re: [task #4633] GPG-Signed Commits, Todd Denniston, 2005/09/22
- Re: [task #4633] GPG-Signed Commits,
Sylvain Beucler <=
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/09/21
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/09/23
- Re: [task #4633] GPG-Signed Commits, Mark D. Baushke, 2005/09/23
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/09/23
- Re: [task #4633] GPG-Signed Commits, Mark D. Baushke, 2005/09/23
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/09/23
- Re: [task #4633] GPG-Signed Commits, Jim Hyslop, 2005/09/23
- Re: [task #4633] GPG-Signed Commits, Mark D. Baushke, 2005/09/23
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/09/23
- Re: [task #4633] GPG-Signed Commits, Jim Hyslop, 2005/09/24