On Wed, Mar 7, 2012 at 19:11, Brian Smith <br...@linuxfood.net> wrote:
>
> On Wed, Mar 7, 2012 at 4:10 PM, Leo Razoumov <slonik...@gmail.com> wrote:
>>
>> On Wed, Mar 7, 2012 at 18:03, Brian Smith <br...@linuxfood.net> wrote:
>> > On Wed, Mar 7, 2012 at 2:40 PM, Leo Razoumov <slonik...@gmail.com> wrote:
>> >>
>> >> Looking through the fossil source code I found places where manifests
>> >> are clearsign-ed. But where are signatures verified?
>> >
>> > They're not. It's designed for when you're auditing check-ins (after,
>> > say, a security breach..)
>>
>> That's precisely my question. How do I audit?
>> What command should I use to verify signed artifacts? Preferably, I
>> would like to see something like "fossil verify" that outputs a list
>> of all clearsign-ed artifacts in the repo annotated with "checked OK",
>> "check Failed" or "cannot check" (e.g. when key is missing).
>>
>> Recent github compromise gives us some food for thought about fossil's
>> mechanism to ensure data integrity.
>>
>> --Leo--
>
> I believe you're supposed to deconstruct the repository, and run each
> manifest through gpg.
>
> -B
Good Lord! Deconstruct a repo, go through all the artifacts, then identify
which ones are clearsign-ed, then verify them, then produce a report...

Rule #1 in security design: if you make a security feature hard to use,
nobody will use it. Why not have a "fossil verify" or "fossil clearcheck"
command that makes those checks? Paranoid folks can even run it once a week
from a cron-job.

--Leo--

_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
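A sketch of the "fossil verify" command Leo asks for, as an added example that is not from this thread or from the Fossil project: it deconstructs the repository, picks out every artifact that begins with a PGP clearsign header, runs each through gpg with machine-readable status output, and reports "checked OK", "check Failed" or "cannot check" (missing key). The `fossil deconstruct -R REPO DEST` invocation, the gpg flags, and the fact that a signed manifest is stored with its PGP armor intact are assumptions; the sample gpg status text is constructed.

```python
"""Sketch of a "fossil verify": report every clearsigned artifact as
checked OK / check Failed / cannot check (assumed tool flags, see comments)."""
import re
import subprocess
import sys
from pathlib import Path

CLEARSIGN_HEADER = b"-----BEGIN PGP SIGNED MESSAGE-----"
# Constructed sample of `gpg --status-fd` output for a signature whose key is absent.
SAMPLE_STATUS_NO_PUBKEY = ("[GNUPG:] NEWSIG\n"
                           "[GNUPG:] ERRSIG 0123456789ABCDEF 1 8 01 1331150000 9 -\n"
                           "[GNUPG:] NO_PUBKEY 0123456789ABCDEF\n")

def is_clearsigned(data: bytes) -> bool:
    """Assumption: Fossil stores a signed manifest with its PGP armor intact."""
    return data.lstrip().startswith(CLEARSIGN_HEADER)

def classify(status_output: str) -> str:
    """Map the machine-readable '[GNUPG:] KEYWORD ...' lines to the three outcomes."""
    keywords = set(re.findall(r"^\[GNUPG:\] (\w+)", status_output, re.M))
    if "BADSIG" in keywords:
        return "check Failed"
    if "GOODSIG" in keywords:
        return "checked OK"
    if keywords & {"EXPKEYSIG", "REVKEYSIG", "EXPSIG"}:
        return "check Failed"          # conservative: expired or revoked key material
    return "cannot check"              # NO_PUBKEY, ERRSIG, or nothing we recognise

def verify_repository(repo: str, workdir: str, gpg: str = "gpg") -> dict:
    """Deconstruct the repo into workdir, then gpg-verify each clearsigned artifact."""
    dest = Path(workdir)
    dest.mkdir(parents=True, exist_ok=True)
    # Assumed: `fossil deconstruct -R REPO DEST` writes one file per artifact under DEST.
    subprocess.run(["fossil", "deconstruct", "-R", repo, str(dest)], check=True)
    report = {}
    for path in sorted(p for p in dest.rglob("*") if p.is_file()):
        if not is_clearsigned(path.read_bytes()):
            continue
        proc = subprocess.run([gpg, "--batch", "--no-tty", "--status-fd", "1",
                               "--verify", str(path)], capture_output=True, text=True)
        # The exit code alone cannot distinguish "bad signature" from "missing key";
        # the status lines can, which is what the three-way report needs.
        report[str(path.relative_to(dest))] = classify(proc.stdout)
    return report

if __name__ == "__main__":
    for name, result in verify_repository(sys.argv[1], sys.argv[2]).items():
        print(f"{name}  {result}")
```

Run it as `python verify.py REPO.fossil /tmp/artifacts`; the report only covers artifacts that carry a signature, so an unsigned manifest is silently absent rather than marked failed.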