Signing revisions in place
Jens Alfke
jens at mooseyard.com
Thu Oct 4 09:30:47 CDT 2007

On 4 Oct '07, at 12:13 AM, Peter Arrenbrecht wrote:

> Shouldn't there be some sort of check that the manifest hash is still
> valid after calling out to the signer? Is it impossible someone could
> sneak in changed files with a tampered-with signer? I realize the
> signed hash would then not correspond to the hash you'd get if you
> computed it again, but does hg check this again sometime? When?

If this were done, the signature in the changelog wouldn't validate.
So the revision wouldn't be signed, and anyone who checked would see
that something was wrong. So there's nothing to gain for naughty
committers trying to do this.

--Jens
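
The reasoning in the reply above, as an added example that is not part of the original message and not Mercurial's own code: a simplified model in which the manifest hash is handed to the signer, the files change during the call-out, and a later check recomputes the hash. The hash layout, the HMAC stand-in for a real public-key signature, the key and the file names are all assumptions made for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; stands in for the committer's key

# Constructed sample working copy: path -> file content.
SAMPLE = {"README": b"hello\n", "src/main.c": b"int main(void){return 0;}\n"}


def manifest_hash(files):
    """Hash a {path: content} mapping in stable order (simplified, not hg's format)."""
    h = hashlib.sha256()
    for path in sorted(files):
        digest = hashlib.sha256(files[path]).hexdigest()
        h.update(f"{path}\0{digest}\n".encode())
    return h.hexdigest()


def sign(digest_hex):
    """HMAC stands in for a real signature so the example needs only the stdlib."""
    return hmac.new(KEY, digest_hex.encode(), hashlib.sha256).hexdigest()


def commit(files, signer_hook=None):
    """Compute the manifest hash, call out to the signer, then store the revision.

    signer_hook models a tampered-with signer that alters files during the call-out.
    """
    files = dict(files)
    signature = sign(manifest_hash(files))
    if signer_hook is not None:
        signer_hook(files)  # files change after the hash was handed over
    return {"files": files, "signature": signature}


def verify(revision):
    """A checker recomputes the manifest hash from what was actually stored."""
    expected = sign(manifest_hash(revision["files"]))
    return hmac.compare_digest(expected, revision["signature"])


def sneak_in(files):
    """Constructed tampering: swap one file's content behind the committer's back."""
    files["src/main.c"] = b"int main(void){return 1;}\n"
```

Here `verify(commit(SAMPLE))` succeeds, while `verify(commit(SAMPLE, sneak_in))` fails because the stored files no longer hash to the value that was signed.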