On 12/15/17, Andy Bradford <amb-fos...@bradfords.org> wrote:
> Thus said Warren Young on Thu, 14 Dec 2017 12:13:18 -0700:
>
>> Fossil arguably has a bug here, where if you check a change in as
>> local user name ``tangent'', as I do here, then *later* do a ``fossil
>> sync'' to a URL with a user name, some bit of the local on-disk state
>> remembers that you originally cloned the repo as tangent and makes
>> your changes under that name.
>
> I disagree that this is a bug. I consider it useful flexibility.
>
>> I classify this as a bug because it could be used for an impersonation
>> attack.
>
> Fossil records which user synchronized the content in the rcvfrom table
> so the owner of the remote repository knows who did it if he cares.
>
> As stated in the past, Fossil is meant for a tighter group of
> developers---perhaps this perception has changed---one in which
> impersonation is unlikely.
>
I was very aware of all of these factors when I designed Fossil, 10 years
ago. Impersonation was a concern. But in a DVCS, there really is no way
around it. Defenses include:

(1) The rcvfrom table that shows clearly where all artifacts originated,
thus allowing the originator of a deception to be tracked down and dealt
with administratively.

(2) Check-ins can be signed using GPG or PGP. (I do this on TH3, fwiw.)

--
D. Richard Hipp
d...@sqlite.org

_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
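The following is an added example, not code from Fossil or from anyone in this thread, showing how defense (1) above is actually used: the user name inside a check-in manifest is whatever the committing client wrote, but the rcvfrom row for the artifact records the login and IP address the receiving server authenticated when the artifact arrived, so the two can be compared. It mirrors a subset of Fossil's repository schema (the blob, rcvfrom, user and event tables) in an in-memory SQLite database; the logins (drh, warren, tangent), the IP address, the timestamps and the check-in rows are constructed to model the scenario Warren describes, and the column subset and constraint omissions are my simplification of the real schema.

```python
"""Cross-check who a Fossil check-in claims to be from against who delivered it.

Added example: not code from Fossil or from anyone in this thread. It mirrors
a subset of Fossil's repository schema (blob, rcvfrom, user, event) in an
in-memory SQLite database, fills it with constructed rows, and runs the kind
of query the rcvfrom defence supports: event.user is the name written into the
manifest by the committer, while rcvfrom records the login and IP address that
actually pushed the artifact into this repository.
"""
import sqlite3

# Subset of Fossil's repository schema (assumed simplification: column names
# follow Fossil's schema.c, but CHECK constraints and unused columns are left out).
SCHEMA = """
CREATE TABLE blob(
  rid INTEGER PRIMARY KEY, rcvid INTEGER, size INTEGER,
  uuid TEXT UNIQUE NOT NULL, content BLOB);
CREATE TABLE rcvfrom(
  rcvid INTEGER PRIMARY KEY, uid INTEGER REFERENCES user,
  mtime DATETIME, nonce TEXT UNIQUE, ipaddr TEXT);
CREATE TABLE user(
  uid INTEGER PRIMARY KEY, login TEXT UNIQUE, pw TEXT, cap TEXT);
CREATE TABLE event(
  type TEXT, mtime DATETIME, objid INTEGER PRIMARY KEY, tagid INTEGER,
  uid INTEGER REFERENCES user, bgcolor TEXT, euser TEXT, user TEXT,
  ecomment TEXT, comment TEXT);
"""

# Join each check-in ('ci' event) to the rcvfrom row of its manifest artifact.
# claimed_user is the manifest's user name; received_from is the login the
# repository associated with the artifact when it was received (a local
# commit records the local user and no IP address).
PROVENANCE_SQL = """
SELECT b.uuid,
       e.user            AS claimed_user,
       u.login           AS received_from,
       r.ipaddr          AS ipaddr,
       datetime(r.mtime) AS received_at
FROM event e
JOIN blob    b ON b.rid   = e.objid
JOIN rcvfrom r ON r.rcvid = b.rcvid
LEFT JOIN user u ON u.uid = r.uid
WHERE e.type = 'ci'
ORDER BY e.mtime
"""


def build_sample_repo() -> sqlite3.Connection:
    """Constructed data: one local commit by 'drh', then two artifacts pushed
    over a sync URL authenticated as 'warren', the second of which carries
    the manifest user name 'tangent'. All names, IPs and times are made up."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO user(uid, login, cap) VALUES (?, ?, ?)",
                    [(1, "drh", "s"), (2, "warren", "i")])
    con.executemany(
        "INSERT INTO rcvfrom(rcvid, uid, mtime, nonce, ipaddr) "
        "VALUES (?, ?, julianday(?), ?, ?)",
        [(1, 1, "2017-12-14 18:00:00", "nonce-1", None),
         (2, 2, "2017-12-15 09:30:00", "nonce-2", "203.0.113.7"),
         (3, 2, "2017-12-15 09:31:00", "nonce-3", "203.0.113.7")])
    con.executemany(
        "INSERT INTO blob(rid, rcvid, size, uuid) VALUES (?, ?, ?, ?)",
        [(10, 1, 100, "a" * 40), (11, 2, 120, "b" * 40), (12, 3, 130, "c" * 40)])
    con.executemany(
        "INSERT INTO event(type, mtime, objid, user, comment) "
        "VALUES ('ci', julianday(?), ?, ?, ?)",
        [("2017-12-14 18:00:00", 10, "drh", "local commit"),
         ("2017-12-15 09:30:00", 11, "warren", "pushed under own login"),
         ("2017-12-15 09:31:00", 12, "tangent", "pushed by warren, manifest says tangent")])
    con.commit()
    return con


def checkin_provenance(con: sqlite3.Connection) -> list[dict]:
    """Every check-in with its claimed user and the login/IP that delivered it."""
    cur = con.execute(PROVENANCE_SQL)
    cols = [d[0] for d in cur.description]
    return [dict(zip(cols, row)) for row in cur.fetchall()]


def suspicious_checkins(con: sqlite3.Connection) -> list[dict]:
    """Check-ins whose manifest user differs from the login that pushed them.
    A mismatch is a lead for the administrator, not proof of impersonation:
    as the thread notes, one developer may legitimately use several names."""
    return [row for row in checkin_provenance(con)
            if row["received_from"] is None
            or row["received_from"] != row["claimed_user"]]


if __name__ == "__main__":
    repo = build_sample_repo()
    for row in suspicious_checkins(repo):
        print(f"{row['uuid'][:10]} claims {row['claimed_user']!r} but was "
              f"received from {row['received_from']!r} at {row['ipaddr']} "
              f"on {row['received_at']}")
```

Two caveats a practitioner should keep in mind. The check only tells you which authenticated login delivered an artifact, which is exactly the administrative trail Hipp describes; it says nothing about the content's authorship, which is what defense (2), a GPG/PGP signature on the check-in, is for. And the rcvfrom rows are only as trustworthy as the repository that wrote them, so run the query on the server's copy, not on a clone received from the party under suspicion.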