guix-commits

53/66: programming-2022: Address comments from reviewer C.


From: Ludovic Courtès
Subject: 53/66: programming-2022: Address comments from reviewer C.
Date: Wed, 29 Jun 2022 11:32:04 -0400 (EDT)

civodul pushed a commit to branch master
in repository maintenance.

commit f9bb7bc36fee4e466ba7859e68fdb23015f8bc5e
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Thu Apr 28 14:40:09 2022 +0200

    programming-2022: Address comments from reviewer C.
    
    * doc/programming-2022/supply-chain.skb: Tweak.
---
 doc/programming-2022/supply-chain.skb | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/doc/programming-2022/supply-chain.skb 
b/doc/programming-2022/supply-chain.skb
index 4409b14..7259359 100644
--- a/doc/programming-2022/supply-chain.skb
+++ b/doc/programming-2022/supply-chain.skb
@@ -570,7 +570,10 @@ happened to GNU’s Savannah in 2010 ,(ref :bib 
'fsf2010:compromise).])
       (p [An attacker who gained access to the server hosting the Guix
 repository can push code, which every user would then pull.  The
 change might even go unnoticed and remain in the repository forever.
-They may also reset the main branch to an earlier revision, leading
+This cannot be addressed simply by having users check OpenPGP signatures
+on commits: that alone is of no use if users cannot tell whether the
+commit is indeed signed by an authorized party.
+An attacker may also reset the main branch to an earlier revision, leading
 users to install outdated software with known vulnerabilities—a ,(emph
 [downgrade attack]) ,(ref :bib '(cappos2008:attacks kuppusamy2017:mercury
 torresarias2016:omitting)).
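Review bot: the new sentence at +573..+575 only covers the first attack (pushing malicious code), but signature checking is equally useless against the downgrade attack described right after it, since the older revision an attacker resets the branch to consists of commits that were legitimately signed and still verify; consider saying so, e.g. "nor does it help against the downgrade attack below, where every commit is genuinely signed". Also, "signed by an authorized party" presupposes a notion of authorization that the text only defines later (the in-band commit authorization section at 636); either a forward reference or "by someone entitled to commit" would keep this paragraph self-contained. Finally, "is of no use" overstates: per-commit signatures still bind each commit to some key and detect tampering in transit; "is not sufficient" states the actual point.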
@@ -636,8 +639,10 @@ which the developer was officially an authorized 
committer.])
 be described as ,(emph [in-band commit authorization]).  “In-band” means
 that the information necessary to determine whether a commit is
 legitimate—where it was ,(emph [authorized])—is available in the
-repository itself; this check can thus be made off-line, without
-resorting to a third party.  Authorization information follows the
+repository itself.  This check can thus be made off-line, without
+resorting to a third party; it can still be made on a copy of the
+repository, including an archived copy, years later.
+Authorization information follows the
 commit graph: the list of authorized signers for a commit is obtained
 ,(emph [in the parent commit(s)]).])
 
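Review bot: in +642..+643, "it can still be made on a copy of the repository" reads as if contrasting with something ("still" despite what?); "it can also be made on a copy of the repository, including an archived copy, years later" says what is meant. The claim about archived copies also rests on an assumption the paragraph does not state: the check needs the signers' public keys, not just the list of authorized signers that +646..+647 says lives in the parent commit(s), so it only works off a bare archive if the keys themselves are carried in the repository too (and even then key expiry or revocation must be evaluated as of the commit date, not the verification date). One clause making that explicit would close the gap.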