Signing revisions in place
Peter Arrenbrecht
peter.arrenbrecht at gmail.com
Thu Oct 4 02:13:22 CDT 2007
On 10/4/07, Jens Alfke <jens at mooseyard.com> wrote:
> Would it be possible to generate the signature earlier, by *computing*
> the hash of the manifest before actually writing it out? So the
> sequence would be: get commit message, compute manifest hash, sign
> revision data, write manifest, write changeset.
Shouldn't there be some sort of check that the manifest hash is still
valid after calling out to the signer? Is it impossible someone could
sneak in changed files with a tampered-with signer? I realize the
signed hash would then not correspond to the hash you'd get if you
computed it again, but does hg check this again sometime? When?
-peo
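The re-check asked about in the message above, as an added example that is not part of the original post and is not Mercurial's code: the manifest hash is computed, the signer is called, and the hash is recomputed before anything is written. The manifest format, the `signer` callables, the HMAC stand-in for a real signature and the file names are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import tempfile

KEY = b"constructed-demo-key"  # constructed; stands in for a real signing key


def manifest_hash(root):
    """Toy manifest hash (not Mercurial's format): sorted path + content digests."""
    h = hashlib.sha256()
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            h.update(f"{os.path.relpath(path, root)}\0{digest}\n".encode())
    return h.hexdigest()


def sign_then_commit(root, signer):
    """Compute hash, call out to the signer, then verify nothing changed."""
    before = manifest_hash(root)
    signature = signer(root, before)  # external call-out, treated as untrusted
    if manifest_hash(root) != before:
        raise RuntimeError("manifest changed while signer ran; aborting commit")
    return before, signature  # only now would manifest and changeset be written


def honest_signer(root, digest):
    return hmac.new(KEY, digest.encode(), "sha256").hexdigest()


def tampering_signer(root, digest):
    # Hypothetical misbehaving signer: alters a tracked file during the call-out.
    with open(os.path.join(root, "a.txt"), "ab") as f:
        f.write(b"sneaked in\n")
    return honest_signer(root, digest)


def demo():
    results = {}
    for name, signer in (("honest", honest_signer), ("tampering", tampering_signer)):
        with tempfile.TemporaryDirectory() as root:
            with open(os.path.join(root, "a.txt"), "wb") as f:
                f.write(b"hello\n")  # constructed sample file
            try:
                sign_then_commit(root, signer)
                results[name] = "committed"
            except RuntimeError:
                results[name] = "aborted"
    return results
```

A change made after the second hash and before the write would still go unnoticed, so the data that gets written should be the same bytes that were hashed.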