svn repo verification (Re: FreeBSD 10.1-BETA3 Now Available)
beeessdee at ruggedinbox.com
beeessdee at ruggedinbox.com
Wed Oct 1 02:20:51 UTC 2014
[Subject changed and re@ snipped, this is not 10.1-BETA3 specific.]
On Mon, September 29, 2014 2:16 pm, "Glen Barber" <gjb at FreeBSD.org> wrote:
>> > Anyway, this is not RE-related.
>>
>> Jah, 'RE-related' would be public verify method for whole svn repo tied
>> to
>> audit trail of release process. :-(
>>
>
> I don't understand what you mean. We have a verifiable audit trail - it
> is all in svn revision history.
By this I mean, cryptographic hash chain and signed commits. svn revision
history is audit trail, but not *verifiable* audit trail.
Is there such things in svn metadata? I did not find. If yes, this
should be Handbook documented (and how to use it).
Important because:
* Data at rest in repository, protected from intrusion or the insider
attack.
* Data in transit on wire not protected by svn protocol (except for
persons with the ssh access)
* Every person, everywhere should be able confirm downloaded commit
history is exactly equals bit-for-bit what you (gjb@), Core Team, re@
have in their machines!
Obscure change (example classic "if(uid==0)" to single "if(uid=0)") in
critical piece even 100.000 commits old should be easy detectable by
anyone.
Commit bit should be attached requirement of signing of the commits.
Release Engineering should positively associate each release with checksum
of entire chain of commits, back to r0.
Thanks!
More information about the freebsd-stable
mailing list