[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [task #4633] GPG-Signed Commits
From: |
Mark D. Baushke |
Subject: |
Re: [task #4633] GPG-Signed Commits |
Date: |
Tue, 04 Oct 2005 11:06:17 -0700 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Derek Price <derek@ximbiot.com> writes:
> Derek Price wrote:
>
> >sessions 1, 2, & 3 exiting. Should be simple enough. Not sure what
> >would happen with a really heavily loaded system. Sylvain, can you give
> >us any statistics on Savannah? Average number of concurrent users,
> >frequency of commits, frequency all users exit, etc.?
> >
>
> Or the counter could just be stored in an unbounded char * buffer, with
> homegrown functions to handle the addition, and the counter would never
> need to be decremented. That wouldn't be so hard, really. Would be
> hard to DoS too - the number of operations required to increase the
> storage required by the counter would be related exponentially to its
> current size.
>
> I'm still not sure I'd want to reuse this value as the commitid, since
> NOW + 8 RANDOM BYTES would still be less likely not to collide when
> merged into another repository.
Agreed.
> Hrm. Perhaps the best solution would still be just to use the
> commitid? If we ever find a system where both time() and /dev/urandom
> are broken, then we can worry about using a counter as described above
> as a fallback?
I would actually suggest that if time() is broken on the server, that
using gpg should just be disabled as it will never be possible to
validate a signature in that case.
-- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
iD8DBQFDQsSZCg7APGsDnFERAijjAJsFqRoNE172Fls3NSvLoJ7ekRTk+ACghSW3
SP9JcKN2+iLNR6xz6lIA/0E=
=7WQY
-----END PGP SIGNATURE-----
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/10/03
- Re: [task #4633] GPG-Signed Commits, Jim Hyslop, 2005/10/03
- Re: [task #4633] GPG-Signed Commits, Frank Hemer, 2005/10/03
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/10/03
- Re: [task #4633] GPG-Signed Commits, Bernd Jendrissek, 2005/10/05
- Re: [task #4633] GPG-Signed Commits, Alexander Taler, 2005/10/05
- Re: [task #4633] GPG-Signed Commits, Jim Hyslop, 2005/10/05
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/10/05
- Re: [task #4633] GPG-Signed Commits, Jim Hyslop, 2005/10/05
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/10/05