From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: Colin Walters <walters@verbum.org>
Cc: git@vger.kernel.org
Subject: Re: weaning distributions off tarballs: extended verification of git tags
Date: Sat, 28 Feb 2015 19:14:03 +0000 [thread overview]
Message-ID: <20150228191403.GD514544@vauxhall.crustytoothpaste.net> (raw)
In-Reply-To: <1425134885.3150003.233627665.2E48E28B@webmail.messagingengine.com>
[-- Attachment #1: Type: text/plain, Size: 1515 bytes --]
On Sat, Feb 28, 2015 at 09:48:05AM -0500, Colin Walters wrote:
>The above strawman code allows embedding the SHA256(git archive | tar). Now,
>in order to make this work, the byte output of "git archive" must never change in the
>future. I'm not sure how valid an assumption this is. Timestamps are set to the
>commit timestamp, but I could imagine someone wanting to come along later
>and tweak the output to be compatible with some variant of tar or something.
This is not a safe assumption. Unfortunately, kernel.org assumed that
it was the case, and a change broke it. Let's please not make more code
that does that.
>We could define the checksum to be over the stream of raw objects, sorted by their checksum,
>and that way be independent of archiving format variations.
This would be a much better idea, assuming you mean "raw git objects".
For cryptographic purposes, it's important to make the item boundaries
unambiguous, which is usually done using the length. Since the raw git
objects include the length, this is sufficient.
If you don't make the boundaries unambiguous, you get the problem you
have with v3 OpenPGP keys, where somebody could move bytes from one
value to another, creating a different key, but with the same
fingerprint (hash value).
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2015-02-28 19:14 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-28 14:48 weaning distributions off tarballs: extended verification of git tags Colin Walters
2015-02-28 19:14 ` brian m. carlson [this message]
2015-02-28 20:34 ` Morten Welinder
2015-03-02 17:09 ` Colin Walters
2015-03-02 18:12 ` Joey Hess
2015-03-02 19:38 ` Sam Vilain
2015-03-02 20:08 ` Junio C Hamano
2015-03-02 20:52 ` Sam Vilain
2015-03-02 23:20 ` Duy Nguyen
2015-03-02 23:44 ` Junio C Hamano
2015-03-03 0:42 ` Duy Nguyen
2015-03-05 12:36 ` Michael Haggerty
2015-07-08 4:00 ` Colin Walters
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150228191403.GD514544@vauxhall.crustytoothpaste.net \
--to=sandals@crustytoothpaste.net \
--cc=git@vger.kernel.org \
--cc=walters@verbum.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).