"Theodore Y. Ts'o" <ty...@mit.edu> writes: > On Mon, Oct 14, 2019 at 12:42:36PM +0200, Toke Høiland-Jørgensen wrote: >> It should be detectable, though, right? >> >> Say you have two independently administered patchwork instances (or even >> better, two different software packages entirely) that both subscribe to >> the mailing lists, and compare patch content with each other. They >> should at least be able to detect mismatches. Especially if you add a >> sanity check before discarding duplicate message-ids. > > They don't even need to compare against each other; patchwork is about > to add a feature where you can look up patches via message-id, right? > That means it's easy enough to write a program which fetches patches > from patchwork, and compares it to the patches found in > lore.kernel.org. If they don't match, then an alarm can be sounded.
Yeah. I guess what is needed is to go from "can be" to "will be" (as Daniel pointed out in his simultaneous reply). >> This way you'd need to compromise multiple machines to achieve the kind >> of compromise you're worried about. And you can add more independent >> machines until you're satisfied that the risk is low enough :) > > Yep, exactly. This is basically the theory behind Certificate > Transparency[1], applied to patches. Indeed I'm familiar with certificate transparency, so this was certainly not an idea conceived in a vacuum ;) -Toke _______________________________________________ Patchwork mailing list Patchwork@lists.ozlabs.org https://lists.ozlabs.org/listinfo/patchwork