On Wed, 3 Aug 2016, Santiago Torres wrote:
So if you want to treat Git as a cryptographic end-to-end distribution
mechanism, then no, it fails horribly at that. But the state of the art
in source code distribution, no matter which system you use, is much
less advanced than that. People download
On Wed, Aug 03, 2016 at 01:58:54PM -0400, Jeff King wrote:
> On Wed, Aug 03, 2016 at 01:45:00PM -0400, Santiago Torres wrote:
>
> > > - if there is a chain of signatures, the attacker must follow the
> > > chain, but they can always withhold links from the end. So imagine a
> > > reposit
On Wed, Aug 3, 2016 at 10:22 AM, Santiago Torres wrote:
> On Wed, Aug 03, 2016 at 10:14:21AM -0700, Stefan Beller wrote:
>> On Wed, Aug 3, 2016 at 8:25 AM, Santiago Torres wrote:
>> > > share things before they are published. Thankfully, this is OK in
>> >> > USENIX's book. Here's the link:
>> >
On Wed, Aug 03, 2016 at 10:35:39AM -0700, Stefan Beller wrote:
> On Wed, Aug 3, 2016 at 10:22 AM, Santiago Torres wrote:
> > On Wed, Aug 03, 2016 at 10:14:21AM -0700, Stefan Beller wrote:
> >> On Wed, Aug 3, 2016 at 8:25 AM, Santiago Torres wrote:
> >> > > share things before they are published.
On Wed, Aug 03, 2016 at 01:45:00PM -0400, Santiago Torres wrote:
> > - if there is a chain of signatures, the attacker must follow the
> > chain, but they can always withhold links from the end. So imagine a
> > repository has held a sequence of signed states (A, B, C), that B
> > ha
On Wed, Aug 03, 2016 at 10:35:54AM -0700, Junio C Hamano wrote:
> Santiago Torres writes:
>
> >> Submodules actually track commits, not tags or branches.
> >>
> >> This is confusing for some users, e.g. the user intended to track a
> >> library at version 1.1, but it tracks 1234abcd instead (whi
Santiago Torres writes:
>> Submodules actually track commits, not tags or branches.
>>
>> This is confusing for some users, e.g. the user intended to track
>> a library at version 1.1, but it tracks 1234abcd instead (which is what
>> 1.1 points at).
>
> I'm assuming that git submodule update doe
Hello,
> Here are my comments on the work itself. They're critical, but meant in
> a friendly way. :)
>
Thanks! If anything, the community here has been incredibly helpful in
helping me understand everything.
> As far as the attack goes, I'm still not convinced this is all that
> _interesting_
Jeff King writes:
> Here are my comments on the work itself. They're critical, but meant in
> a friendly way. :)
A tl;dr version of your analysis seems to me that "you solve it the
same way as the push certificate solves it (including the limitation
the latter has)".
If that is the case, I thin
On Wed, Aug 03, 2016 at 10:14:21AM -0700, Stefan Beller wrote:
> On Wed, Aug 3, 2016 at 8:25 AM, Santiago Torres wrote:
> > > share things before they are published. Thankfully, this is OK in
> >> > USENIX's book. Here's the link:
> >> > http://i2.cdn.turner.com/cnnnext/dam/assets/160730192650-14
On Wed, Aug 3, 2016 at 8:25 AM, Santiago Torres wrote:
> > share things before they are published. Thankfully, this is OK in
>> > USENIX's book. Here's the link:
>> > http://i2.cdn.turner.com/cnnnext/dam/assets/160730192650-14new-week-in-politics-super-169.jpg
>>
>> While I had a good laugh, I am
On Wed, Aug 03, 2016 at 10:58:31AM -0400, Santiago Torres wrote:
> I will be presenting a paper regarding the Git metadata issues that we
> discussed at the beginning of the year at USENIX '16. I'm writing to
> make everyone in this ML aware that this work exists and to bring
> everyone into the l
> share things before they are published. Thankfully, this is OK in
> > USENIX's book. Here's the link:
> > http://i2.cdn.turner.com/cnnnext/dam/assets/160730192650-14new-week-in-politics-super-169.jpg
>
> While I had a good laugh, I am wondering whether this is the correct link?
Oh my god, sorr
Hi Santiago,
On Wed, 3 Aug 2016, Santiago Torres wrote:
> I'm open for feedback and corrections. If anything seems odd or imprecise
> to the community, I can make an errata in the presentation (at least).
> I'll also try to work towards making corrections anywhere if possible;
> this is my first pub
Hello everyone,
I will be presenting a paper regarding the Git metadata issues that we
discussed at the beginning of the year at USENIX '16. I'm writing to
make everyone in this ML aware that this work exists and to bring
everyone into the loop.
I'm open for feedback and corrections. If anything
15 matches