subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thorsten Schöning <>
Subject Re: Cryptographic hash computations for a revision range on the repository side
Date Tue, 21 Jan 2014 08:46:20 GMT
Guten Tag Thierry Moreau,
am Dienstag, 21. Januar 2014 um 05:11 schrieben Sie:

> Digital signatures require public/private key protections, just shifting
> the problem to yet another security challenge.

And what's the difference to your proposed solution? You are simply
re-inventing signatures without any benefit, in your case the
generated hash is your "yet another security challenge" and simply
comparable to a private key. But signatures would have the benefit
that you only need to protect the one and only private key used to
create them, not an amount of hashes or use algorithms which are based
on former generated hashes and such stuff.

I don't see any benefit, just sign your revision ranges and check
them. You would even have much better tool support and wouldn't need
to reinvent the wheel.

Mit freundlichen Grüßen,

Thorsten Schöning

Thorsten Schöning
AM-SoFT IT-Systeme

Telefon...........05151-  9468- 55
Fax...............05151-  9468- 88
Mobil..............0178-8 9468- 04

AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln
AG Hannover HRB 207 694 - Geschäftsführer: Andreas Muchow

View raw message