On Sat, Sep 20, 2014 at 8:58 PM, Gordon Pettey <[email protected]> wrote:
> You're following the wrong train down the wrong tracks. Git [0-9a-f]{40} is
> to CVS 1[.][1-9][0-9]+. You're arguing that CVS is more secure because its
> commits are sequential numbers.

Ulrich is well aware of that. His argument is that with cvs there is no security whatsoever in the scm, and so there is more interest in layering security on top. With git there is more of a tendency to rely on the less-than-robust commit signing system.

We could always just keep full manifests in the tree and be no worse off than with cvs.

I still think it makes more sense to start with a threat model and go from there. There are a lot of devs with a lot of keys and a lot of steps on servers where the tree has to be manipulated.

One of the advantages of robust commit signing would be that in the event there was a compromise it would be a lot easier to go back and clean up the mess.

--
Rich
