Hello,

On Wed 12 Jun 2024 at 11:10am +02, Ansgar 🙀 wrote:

> On Wed, 2024-06-12 at 09:18 +0200, Gard Spreemann wrote:
>>
>> I have not more than skimmed the architecture, so forgive me if this
>> makes no sense: Could this fear (whether overblown or not) not be
>> alleviated by including in the tag2upload structured metadata a SHA-256
>> hash of all the files in the given commit?
>
> Yes, that was suggested as a compromise in the past, but tag2upload
> upstream was not interested in having any changes.

We are (and were) interested in all well-motivated change proposals.

Gard, thank you for your interest. I will not reply directly to what you say, because I do not think that it is productive to discuss these questions at this level of generality. Fortunately, we have Russ's security review to use as a basis for discussion. This we did not have four years ago.

If you think there is an improvement to be made, then I would ask you to

- identify the relevant attack vector enumerated in the report
- explain why the current design does not adequately address the threat
- explain how your proposed change would address the threat in a way that the current design does not.

We will not do ourselves any favours if we make the design and implementation more complex without being sure that in doing so we are actually mitigating any threats.

-- 
Sean Whitton