On Mar 7, 2012, at 19:10, Leo Razoumov <slonik...@gmail.com> wrote:

> On Wed, Mar 7, 2012 at 18:03, Brian Smith <br...@linuxfood.net> wrote:
>> On Wed, Mar 7, 2012 at 2:40 PM, Leo Razoumov <slonik...@gmail.com> wrote:
>>> 
>>> Looking through the fossil source code I found places where manifests
>>> are clearsign-ed. But where are signatures verified?
>> 
>> They're not. It's designed for when you're auditing check-ins (after, say, a
>> security breach...)
>> 
> 
> That's precisely my question. How do I audit?
> What command should I use to verify signed artifacts? Preferably, I
> would like to see something like "fossil verify" that outputs a list
> of all clearsign-ed artifacts in the repo annotated with "checked OK",
> "check Failed" or "cannot check" (e.g. when key is missing).
> 
> Recent github compromise gives us some food for thought about fossil's
> mechanism to ensure data integrity.
> 

If I understand correctly, what happened at github was that someone exploited a
misconfiguration in the Rails framework to insert his own public key as trusted
with respect to several repositories.

The "fossil verify" command you proposed above would have had little to no
benefit in detecting or sorting out that particular mess.

It seems to me cleaning up any specific intrusion is going to be a special case 
and is probably going to require a trip into the depths of SQLite. I don't 
really see any benefit to having built-in commands to try to detect a subset of 
potential intrusions -- that just introduces a larger code base. And every 
added line of code is a potential security hole in and of itself. 

Themba

> --Leo--
> _______________________________________________
> fossil-users mailing list
> fossil-users@lists.fossil-scm.org
> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
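A minimal "fossil verify"-style checker of the shape Leo asks for, added here as an example; it is not code from the thread or from the Fossil project. It assumes the `fossil` and `gpg` binaries are on PATH, that `fossil artifact ID` prints the raw artifact, and that the status keywords match GnuPG's `--status-fd` documentation; note that GOODSIG only says the signature matches a key in the local keyring, not that the key deserves trust, which is the gap Themba points out in the github case.

```python
"""Classify Fossil artifacts as "checked OK", "check Failed" or "cannot check".

Added example, not part of the fossil-users thread or of Fossil itself.
Assumes `fossil` and `gpg` are on PATH when run as a script; the
classification logic below needs neither and can be tested on its own.
"""
import subprocess
import sys

# OpenPGP clearsign armor header; a clearsigned manifest starts with it.
CLEARSIGN_HEADER = b"-----BEGIN PGP SIGNED MESSAGE-----"


def is_clearsigned(artifact: bytes) -> bool:
    """True if the artifact carries a clearsign block at all."""
    return artifact.lstrip().startswith(CLEARSIGN_HEADER)


def classify(status_lines):
    """Map gpg --status-fd lines onto the three outcomes Leo describes.

    GOODSIG: signature verifies against a key in the keyring -> "checked OK".
    BADSIG: signature does not match the signed text -> "check Failed".
    ERRSIG / NO_PUBKEY or no signature status at all -> "cannot check".
    A single BADSIG outweighs any GOODSIG (multi-signature manifests).
    """
    verdict = "cannot check"
    for line in status_lines:
        parts = line.split()
        if len(parts) < 2 or parts[0] != "[GNUPG:]":
            continue  # only "[GNUPG:] KEYWORD ..." lines are status lines
        if parts[1] == "BADSIG":
            return "check Failed"
        if parts[1] == "GOODSIG":
            verdict = "checked OK"
    return verdict


def verify_artifact(artifact_id: str) -> str:
    """Fetch one artifact from the open Fossil repository and classify it."""
    blob = subprocess.run(["fossil", "artifact", artifact_id],
                          check=True, capture_output=True).stdout
    if not is_clearsigned(blob):
        return "not signed"
    # gpg reads the clearsigned text from stdin; status lines go to stdout.
    gpg = subprocess.run(["gpg", "--batch", "--status-fd", "1", "--verify"],
                         input=blob, capture_output=True)
    return classify(gpg.stdout.decode("utf-8", "replace").splitlines())


if __name__ == "__main__":
    # Artifact IDs are read one per line from stdin.
    for line in sys.stdin:
        if line.strip():
            print(f"{line.strip()}  {verify_artifact(line.strip())}")
```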