On 08.06.2015 04:19, Ruchir Arya wrote: > Hello everybody, > > I am new to SVN development. I have a question. Why is there no > implementation of changeset signing in subversion? Suppose if the > root/admin (who maintains repository) is not trustworthy,
If your server administrator is not trustworthy, then no amount of signing is going to help. Anyone with direct access to the repository storage (which a server admin will have) can modify revision contents even if they're signed; no cryptographic signature is proof against attack. > then there is a problem. Is there any future possibility to implement > digital signing of changeset to achieve integrity and non repudiation? > My focus is to implement some of the security related features in svn. Subversion's repository backend already goes a good way towards ensuring integrity: the client provides cryptographic hashes of all committed data and the server checks them before committing, and the reverse happens during checkout/update. The server also stores hashes for certain metadata (although not all; there's room for improvement here). Non-repudiation is a lot harder to achieve because it's not enough to control the server, you also have to prove that every client making commits is free from malicious software that could be inserting backdoors at the source of the commit. -- Brane
