
Re: [Cvs-dev] Re: [Cvs-test-results] CVS trunk testing results (BSDI B


From: Derek R. Price
Subject: Re: [Cvs-dev] Re: [Cvs-test-results] CVS trunk testing results (BSDI BSD/OS)
Date: Mon, 08 May 2006 15:52:19 -0400
User-agent: Thunderbird 1.5.0.2 (Windows/20060308)

Mark D. Baushke wrote:
> I think I would rather see a single copy of the
>
> @strong{WARNING: Due to the sensitive nature of OpenPGP
> implementations, if you intend to employ CVS commit signatures as a
> security precaution, it is recommended that you make sure you are
> using an OpenPGP implementation with all the available security
> fixes. Check with the vendor of your OpenPGP implementation for
> information on its latest version.}
>
> text that is referenced rather than ten distinct copies of it.

Okay.  I've attached a new patch.  I noticed while I was working on it
that I neglected to document the `sign' and `verify' commands, but I
will work on that with the sign/verify help patch you suggested.

>>> Well, a reminder means a --version test, doesn't it?
>
> No. It does not.
>
> 1) There are at least two viable implementations of the OpenPGP
> standard as provided by RFC 2440. One is under the GPL and the
> other is a commercial product. The OpenPGP should try to be
> agnostic as to the particular implementation chosen.

At the moment, I'm inclined to only test GPG.  Perhaps, if the
executable does not appear to be GPG, then sanity.sh should just print
a generic warning about the tests being intended for GPG and running
anyhow and remember to keep your implementation up-to-date if you are
relying on it for security.

> 2) Some vendors have been known to patch security concerns into
> down-revision releases of software. There is no way to know if 'gpg
> --version' which returns a '1.2.3' is or is not the latest version
> of the tool for a particular host operating system or not.

True, but since this is only a warning, it shouldn't hurt to ignore
that and remind the user to check when the version doesn't look
up-to-date as far as we knew as of the CVS release date.

It occurs to me that it isn't uncommon for a user to be running a 5
year old version of CVS, which would only warn about versions of GPG
also at least 5 years old, making this whole exercise seem a bit
pointless anyhow.  Then again, at least there would be potentially
useful warnings for people who kept up with CVS.

Regards,

Derek
--
Derek R. Price
CVS Solutions Architect
Get CVS support at Ximbiot <http://ximbiot.com>!
v: +1 248.835.1260
f: +1 248.835.1263
<mailto:address@hidden>

Index: doc/ChangeLog
===================================================================
RCS file: /cvsroot/cvs/ccvs/doc/ChangeLog,v
retrieving revision 1.954
diff -u -p -r1.954 ChangeLog
--- doc/ChangeLog       24 Apr 2006 18:50:24 -0000      1.954
+++ doc/ChangeLog       8 May 2006 19:49:33 -0000
@@ -1,3 +1,8 @@
+2006-05-08  Derek Price  <address@hidden>
+
+       * cvs.texinfo (OpenPGP Signed Commits): New node.
+       (Global options, The connection method): Reference new node.
+
 2006-01-20  Derek Price  <address@hidden>
 
        * cvsclient.text (Requests): Document Base-diff response.
Index: doc/cvs.texinfo
===================================================================
RCS file: /cvsroot/cvs/ccvs/doc/cvs.texinfo,v
retrieving revision 1.680
diff -u -p -r1.680 cvs.texinfo
--- doc/cvs.texinfo     24 Apr 2006 18:50:25 -0000      1.680
+++ doc/cvs.texinfo     8 May 2006 19:49:36 -0000
@@ -170,6 +170,7 @@ CVS and the Real World.
 * Tracking sources::            Tracking third-party sources
 * Builds::                      Issues related to CVS and builds
 * Special Files::              Devices, links and other non-regular files
+* OpenPGP Signed Commits::     Knowing who committed a revision, securely
 
 References.
 -----------
@@ -2334,6 +2335,9 @@ options, CVS will autonegotiate signing,
 server supports it.  May be overridden by the @samp{--sign} and 
@samp{--no-sign}
 global options (@pxref{Global options}).
 
address@hidden: @ref{OpenPGP Signed Commits} for more on using OpenPGP
+signatures securely.}
+
 @item address@hidden
 Use @var{template} as the command line template to generate OpenPGP signatures.
 Format strings in this template are substituted before the command is run:
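Review bot: the cross-reference added after the signing option has no verb before @ref; it reads ": @ref{OpenPGP Signed Commits} for more on using OpenPGP signatures securely." Suggest "See @ref{OpenPGP Signed Commits} for more on ...", matching the "See @ref{Global options}" wording used in the new node. The same sentence is repeated after every option in this patch, so the fix applies to each copy.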
@@ -2356,11 +2360,17 @@ IS overridden by the @samp{--sign-templa
 @pxref{Global options} and defaults to
 @samp{/usr/bin/gpg --detach-sign --output - %t %a %s}.
 
address@hidden: @ref{OpenPGP Signed Commits} for more on using OpenPGP
+signatures securely.}
+
 @item textmode
 The value passed to both in place of %t in both the OpenPGP signature
 and the OpenPGP verification command line templates.  Defaults to
 @samp{--textmode}.
 
address@hidden: @ref{OpenPGP Signed Commits} for more on using OpenPGP
+signatures securely.}
+
 @item verify
 @itemx no-verify
 Force OpenPGP signature verification on checkout off, or set the failure mode.
@@ -2371,6 +2381,9 @@ received.  If the server does not suppor
 of @samp{fatal} will disallow the entire checkout.  May be overridden by the
 @samp{--verify} and @samp{--no-verify} global options (@pxref{Global options}).
 
address@hidden: @ref{OpenPGP Signed Commits} for more on using OpenPGP
+signatures securely.}
+
 @item address@hidden
 Use @var{template} as the command line template to verify OpenPGP signatures.
 Format strings in this template are substituted before the command is run:
@@ -2396,6 +2409,9 @@ for the signed file and a non-zero exit 
 overridden by the @samp{--verify-template} global command line option
 @pxref{Global options} and defaults to something like
 @samp{/usr/bin/gpg --detach-sign --output - %t %a %S %s}.
+
address@hidden: @ref{OpenPGP Signed Commits} for more on using OpenPGP
+signatures securely.}
 @end table
 
 As a further example, to combine both the @code{CVS_RSH} and @code{CVS_SERVER}
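Review bot: the default shown for the verify template, in the context line just above the added note, is "/usr/bin/gpg --detach-sign --output - %t %a %S %s", which is a signing command line rather than a verification one. Since this hunk places a security pointer directly under it, please check that example against the actual default and correct it in the same change, so that a reader who copies it is not invoking signing where verification is intended. The added note also sits directly against "@end table" with no blank line after it, unlike the other copies.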
@@ -8176,6 +8192,24 @@ supported.
 @end ignore
 
 @c ---------------------------------------------------------------------
address@hidden OpenPGP Signed Commits
address@hidden OpenPGP Signed Commits
+
address@hidden OpenPGP Signatures
address@hidden Commit Signatures
+OpenPGP signatures can be used at commit time to securely record the author of
+a change using public key encryption and at checkout time to verify the author
+of the revision being checked out is trusted.
+
+See @ref{Global options} and @ref{The connection method} for more.
+
address@hidden: Due to the sensitive nature of OpenPGP implementations, if you
+intend to employ CVS commit signatures as a security precaution, it is
+recommended that you make sure you are using an OpenPGP implementation with all
+the available security fixes.  Check with the vendor of your OpenPGP
+implementation for information on its latest version.}
+
address@hidden 
---------------------------------------------------------------------
 @c ----- START MAN 1 -----
 @node CVS commands
 @appendix Guide to CVS commands
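Review bot: "using public key encryption" in the first paragraph of the new node is inaccurate, because a commit signature signs the change and does not encrypt it; suggest "using public key cryptography" or "using a digital signature". The same sentence says checkout can "verify the author of the revision being checked out is trusted"; since this node is the one place every option now points to for using signatures securely, it would help to say that this result depends on which keys the user's OpenPGP implementation is configured to trust.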
@@ -8608,6 +8642,9 @@ of these options, CVS will autonegotiate
 when the server supports it.  Overrides the @samp{sign} and @samp{no-sign}
 method options.
 
address@hidden: @ref{OpenPGP Signed Commits} for more on using OpenPGP
+signatures securely.}
+
 @item --sign-template @var{template}
 Use @var{template} as the command line template to generate OpenPGP signatures.
 Format strings in this template are substituted before the commit is run:
@@ -8629,11 +8666,17 @@ This template should send the generated 
 Overrides the @samp{sign-template} method option and defaults to something like
 @samp{/usr/bin/gpg --detach-sign --output - %t %a %s}.
 
address@hidden: @ref{OpenPGP Signed Commits} for more on using OpenPGP
+signatures securely.}
+
 @item --textmode
 The value passed to both in place of %t in both the OpenPGP signature
 and the OpenPGP verification command line templates.  Defaults to
 @samp{--textmode}.
 
address@hidden: @ref{OpenPGP Signed Commits} for more on using OpenPGP
+signatures securely.}
+
 @item --verify
 @itemx --no-verify
 Force OpenPGP signature verification on checkout off, or set the failure mode.
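Review bot: the "@item --textmode" entry is a global option written with no @var argument, yet its description ("The value passed to both in place of %t ... Defaults to @samp{--textmode}") is the method-option wording and describes a value. Suggest either showing the argument on the @item line or rewording the entry to say what giving the flag does. The phrase "passed to both in place of %t in both" also carries a stray "both" that could be dropped while this item is being touched.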
@@ -8644,6 +8687,9 @@ received.  If the server does not suppor
 of @samp{fatal} will disallow the entire checkout.  Overrides the @samp{verify}
 and @samp{no-verify} method options (@pxref{The connection method}).
 
address@hidden: @ref{OpenPGP Signed Commits} for more on using OpenPGP
+signatures securely.}
+
 @item address@hidden
 Use @var{template} as the command line template to verify OpenPGP signatures.
 Format strings in this template are substituted before the command is run:
@@ -8669,6 +8715,9 @@ for the signed file and a non-zero exit 
 @samp{verify-template} method option @pxref{The connection method} and
 defaults to something like
 @samp{/usr/bin/gpg --detach-sign --output - %t %a %S %s}.
+
address@hidden: @ref{OpenPGP Signed Commits} for more on using OpenPGP
+signatures securely.}
 @end table
 
 @c - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
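Review bot: in the context above the added note, "@pxref{The connection method}" is used outside parentheses ("method option @pxref{The connection method} and defaults to"), whereas the --verify entry in the previous hunk writes "(@pxref{The connection method})". Suggest parenthesising it here for consistency. The default shown for this option is also a --detach-sign command line, the same signing example that appears under the verify-template method option.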
