Hi all,

I mentioned on this list a few days ago that I am implementing gpg-signed-commits for CVS. This is somewhat of a new area for me, and I was hoping to trust GPG to solve most of the security issues, but it turns out this doesn't cover the possibility of replay attacks.

We've been discussing this for a few days on bug-cvs@nongnu.org, but it feels somewhat like we are stumbling around in the dark and I was hoping for some comments from people more familiar with this sort of thing. The current end of the thread is here: <http://lists.gnu.org/archive/html/bug-cvs/2005-10/msg00037.html>. Probably not more than two messages back in that thread are particularly relevant, unless you want to laugh at our ignorance.

For background, the gpg-signed-commits design is Wikied here: <http://ximbiot.com/cvs/wiki/index.php?title=GPG-Signed_Commits>. If you would care to comment on any other shortcomings in this design, that would be welcome too.

Thanks,

Derek

--
Derek R. Price
CVS Solutions Architect
Ximbiot <http://ximbiot.com>
v: +1 717.579.6168
f: +1 717.234.3125
<mailto:[EMAIL PROTECTED]>

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users