Posted to dev@subversion.apache.org by Ben Reser <be...@reser.org> on 2005/04/21 23:51:36 UTC

1.2.0-rc2 tarballs up for testing/signing

Cut from r14393 on 1.2.x branch.

http://fornix.brain.org/subversion/

-rw-rw-r--  1 svnrm svnrm 6982288 Apr 21 19:40 subversion-1.2.0-rc2.tar.bz2
-rw-rw-r--  1 svnrm svnrm 8530849 Apr 21 19:40 subversion-1.2.0-rc2.tar.gz
-rw-rw-r--  1 svnrm svnrm 11378889 Apr 21 19:44 subversion-1.2.0-rc2.zip

md5sums:
e308330a619aac4331263b19dda2a4bc subversion-1.2.0-rc2.tar.gz
342acdc60e41232ba3b686913e1cad24 subversion-1.2.0-rc2.tar.bz2
2d8d6d269c0567451cfc7aab2ecadbdb subversion-1.2.0-rc2.zip

sha1sums:
f1a6c296eba12e62b26c9060be11e3fd20e5a7d7 subversion-1.2.0-rc2.tar.gz
8ae73653cbbe8dbd573a86eeac7e7252f1dca080 subversion-1.2.0-rc2.tar.bz2
bdd3d2a11363710eb45b01f554633066bdcd1e72 subversion-1.2.0-rc2.zip

Please test and send me your signatures.  Thank you.

-- 
Ben Reser <be...@reser.org>
http://ben.reser.org

"Conscience is the inner voice which warns us somebody may be looking."
- H.L. Mencken

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: 1.2.0-rc2 tarballs up for testing/signing

Posted by kf...@collab.net.
Andrew Thompson <su...@aktzero.com> writes:
> > If Ben Reser works for the NSA, then we're all in trouble, but then
> > again, how can you be sure your compiler isn't compromised anyway?
> 
> "Woah... Time to switch to decaf, April!"
> 
> I wasn't trying to start a big security stink, I just wanted to make
> sense out of the snippets of information I was seeing.

Gotcha; sorry for overreacting.

For the record, I don't drink any caffeine -- I'm naturally like this.

-Karl


Re: 1.2.0-rc2 tarballs up for testing/signing

Posted by Andrew Thompson <su...@aktzero.com>.
kfogel@collab.net wrote:
> Andrew Thompson <su...@aktzero.com> writes:
> 
>>So you're assuming that the tarball you received is good, or you
>>pulled and created your own tarball?
>>
>>If yes to the first part, isn't that a flawed scenario if an attacker
>>got to it before you signed it?
> 
> 
> News Flash: Perfect Security Impossible, details at 11.
> 
> :-)
> 
> Seriously.  The signers confirm the checksums with the release manager
> by phone or other private, difficult-to-compromise channels.  Only
> then do we sign the thing.

Now see, that wasn't mentioned. Adjust slightly to the right, and the 
picture comes into focus!

> If Ben Reser works for the NSA, then we're all in trouble, but then 
> again, how can you be sure your compiler isn't compromised anyway?

"Woah... Time to switch to decaf, April!"

I wasn't trying to start a big security stink, I just wanted to make 
sense out of the snippets of information I was seeing.

(Later I'll ask about these "i10n" emails that seem to be posted to the 
list every day.)

-- 
Andrew Thompson
http://aktzero.com/
Interested in a hosted SVN repository? Email me, let's talk...


Re: 1.2.0-rc2 tarballs up for testing/signing

Posted by kf...@collab.net.
Andrew Thompson <su...@aktzero.com> writes:
> So you're assuming that the tarball you received is good, or you
> pulled and created your own tarball?
> 
> If yes to the first part, isn't that a flawed scenario if an attacker
> got to it before you signed it?

News Flash: Perfect Security Impossible, details at 11.

:-)

Seriously.  The signers confirm the checksums with the release manager
by phone or other private, difficult-to-compromise channels.  Only
then do we sign the thing.  If Ben Reser works for the NSA, then we're
all in trouble, but then again, how can you be sure your compiler
isn't compromised anyway?



Re: 1.2.0-rc2 tarballs up for testing/signing

Posted by Andrew Thompson <su...@aktzero.com>.
Ben Collins-Sussman wrote:
>> Could someone explain to me the purpose of signatures when the sums 
>> have been provided by the packager?
> 
> "I, as a committer on the svn project, have hereby tested these tarballs 
> and deem them suitable for release to the general public."

So you're assuming that the tarball you received is good, or you pulled 
and created your own tarball?

If yes to the first part, isn't that a flawed scenario if an attacker 
got to it before you signed it?

-- 
Andrew Thompson
http://aktzero.com/
Interested in a hosted SVN repository? Email me, let's talk...


Re: 1.2.0-rc2 tarballs up for testing/signing

Posted by kf...@collab.net.
Ben Collins-Sussman <su...@collab.net> writes:
> > Could someone explain to me the purpose of signatures when the sums
> > have been provided by the packager?
> 
> "I, as a committer on the svn project, have hereby tested these
> tarballs and deem them suitable for release to the general public."

And more importantly:

   "I, as someone to whom you perhaps have a GPG/PGP trust path,
    certify that the tarball you are downloading is the same one I
    tested."

The point is that, with a sufficiently devious attacker, checksums can
be interfered with via a man-in-the-middle attack, but public-key
signatures cannot (or at least, it's *much* harder).

-Karl


Re: 1.2.0-rc2 tarballs up for testing/signing

Posted by Ben Collins-Sussman <su...@collab.net>.
On Apr 22, 2005, at 8:50 AM, Andrew Thompson wrote:

> Ben Collins-Sussman wrote:
>>> md5sums:
>>> e308330a619aac4331263b19dda2a4bc subversion-1.2.0-rc2.tar.gz
>>> 342acdc60e41232ba3b686913e1cad24 subversion-1.2.0-rc2.tar.bz2
>>> 2d8d6d269c0567451cfc7aab2ecadbdb subversion-1.2.0-rc2.zip
>>>
>>> sha1sums:
>>> f1a6c296eba12e62b26c9060be11e3fd20e5a7d7 subversion-1.2.0-rc2.tar.gz
>>> 8ae73653cbbe8dbd573a86eeac7e7252f1dca080 subversion-1.2.0-rc2.tar.bz2
>>> bdd3d2a11363710eb45b01f554633066bdcd1e72 subversion-1.2.0-rc2.zip
>>>
>>> Please test and send me your signatures.  Thank you.
>> Here's my signature for the .tar.gz:
>
> Could someone explain to me the purpose of signatures when the sums 
> have been provided by the packager?
>

"I, as a committer on the svn project, have hereby tested these 
tarballs and deem them suitable for release to the general public."



Re: 1.2.0-rc2 tarballs up for testing/signing

Posted by Ben Reser <be...@reser.org>.
On Fri, Apr 22, 2005 at 09:50:33AM -0400, Andrew Thompson wrote:
> Ben Collins-Sussman wrote:
> >>md5sums:
> >>e308330a619aac4331263b19dda2a4bc subversion-1.2.0-rc2.tar.gz
> >>342acdc60e41232ba3b686913e1cad24 subversion-1.2.0-rc2.tar.bz2
> >>2d8d6d269c0567451cfc7aab2ecadbdb subversion-1.2.0-rc2.zip
> >>
> >>sha1sums:
> >>f1a6c296eba12e62b26c9060be11e3fd20e5a7d7 subversion-1.2.0-rc2.tar.gz
> >>8ae73653cbbe8dbd573a86eeac7e7252f1dca080 subversion-1.2.0-rc2.tar.bz2
> >>bdd3d2a11363710eb45b01f554633066bdcd1e72 subversion-1.2.0-rc2.zip
> >>
> >>Please test and send me your signatures.  Thank you.
> >
> >Here's my signature for the .tar.gz:
> 
> Could someone explain to me the purpose of signatures when the sums have 
> been provided by the packager?

As Karl and Sussman have already said, they exist to formalize our
testing procedures and as a more secure way of verifying the files.

But to add to what they've said: the main reason for wanting multiple
keys is to deal with potentially compromised keys.  If for instance my
key were to become compromised and I were to revoke it then most people
would have to assume that all of my signatures were invalid.  They
wouldn't have enough information to know what signatures they could
trust and what they couldn't.

By having multiple signatures on every release someone would have to
compromise all of the signers' keys.  This would be very difficult and
improbable.  Which helps keep the verification method useful far into
the future.

-- 
Ben Reser <be...@reser.org>
http://ben.reser.org

"Conscience is the inner voice which warns us somebody may be looking."
- H.L. Mencken
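
Added example (not part of the original thread and not the Subversion project's release tooling): a quorum check over several detached signatures, illustrating the multiple-signers reasoning in the message above. It reads the status lines gpg prints with --status-fd; the function names, fingerprints, sample transcripts and threshold are constructed assumptions.

```python
# Added example: count distinct, still-trusted signers from gpg status output.
# GOODSIG, VALIDSIG, REVKEYSIG, EXPKEYSIG, EXPSIG, BADSIG and ERRSIG are status
# keywords gpg emits with --status-fd. Everything else here is constructed.

REJECT = {"BADSIG", "ERRSIG", "REVKEYSIG", "EXPKEYSIG", "EXPSIG"}

def signer_of(status_text):
    """Return the signing key fingerprint for one `gpg --verify` run, or None."""
    good, fpr = False, None
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split()
        keyword = fields[1] if len(fields) > 1 else ""
        if keyword in REJECT:
            return None  # bad, unverifiable, revoked or expired: never counts
        if keyword == "GOODSIG":
            good = True
        elif keyword == "VALIDSIG" and len(fields) > 2:
            fpr = fields[2].upper()  # full fingerprint, not the short key id
    return fpr if good else None

def trusted_signers(runs, trusted):
    """Distinct trusted fingerprints with a good signature (duplicates collapse)."""
    return sorted(({signer_of(r) for r in runs} - {None}) & trusted)

def release_ok(runs, trusted, threshold):
    """True when at least `threshold` distinct trusted keys signed the file."""
    return len(trusted_signers(runs, trusted)) >= threshold

def run(keyword, fpr):
    """Build a constructed status transcript for one detached signature."""
    lines = [f"[GNUPG:] {keyword} {fpr[-16:]} Constructed Signer"]
    if keyword != "BADSIG":
        lines.append(
            f"[GNUPG:] VALIDSIG {fpr} 2005-04-22 1114128000 0 3 0 17 2 00 {fpr}")
    return "\n".join(lines)

# Constructed fingerprints; a real policy would pin the signers' actual keys.
FPR_A, FPR_B, FPR_C = "A" * 40, "B" * 40, "C" * 40
TRUSTED = {FPR_A, FPR_B, FPR_C}

# Three signers, one of whose keys has since been revoked, plus a duplicate.
SAMPLE_RUNS = [run("GOODSIG", FPR_A), run("GOODSIG", FPR_B),
               run("REVKEYSIG", FPR_C), run("GOODSIG", FPR_A)]

if __name__ == "__main__":
    print("counted signers:", trusted_signers(SAMPLE_RUNS, TRUSTED))
    print("quorum of 2 met:", release_ok(SAMPLE_RUNS, TRUSTED, 2))
    print("quorum of 3 met:", release_ok(SAMPLE_RUNS, TRUSTED, 3))
```

With one key revoked, the release still meets a quorum of two from the remaining signers; a signature from a key outside the pinned set adds nothing to the count.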


Re: 1.2.0-rc2 tarballs up for testing/signing

Posted by Andrew Thompson <su...@aktzero.com>.
Ben Collins-Sussman wrote:
>> md5sums:
>> e308330a619aac4331263b19dda2a4bc subversion-1.2.0-rc2.tar.gz
>> 342acdc60e41232ba3b686913e1cad24 subversion-1.2.0-rc2.tar.bz2
>> 2d8d6d269c0567451cfc7aab2ecadbdb subversion-1.2.0-rc2.zip
>>
>> sha1sums:
>> f1a6c296eba12e62b26c9060be11e3fd20e5a7d7 subversion-1.2.0-rc2.tar.gz
>> 8ae73653cbbe8dbd573a86eeac7e7252f1dca080 subversion-1.2.0-rc2.tar.bz2
>> bdd3d2a11363710eb45b01f554633066bdcd1e72 subversion-1.2.0-rc2.zip
>>
>> Please test and send me your signatures.  Thank you.
> 
> Here's my signature for the .tar.gz:

Could someone explain to me the purpose of signatures when the sums have 
been provided by the packager?

-- 
Andrew Thompson
http://aktzero.com/
Interested in a hosted SVN repository? Email me, let's talk...


Re: 1.2.0-rc2 tarballs up for testing/signing

Posted by Ben Collins-Sussman <su...@collab.net>.
On Apr 21, 2005, at 6:51 PM, Ben Reser wrote:

> Cut from r14393 on 1.2.x branch.
>
> http://fornix.brain.org/subversion/
>
> -rw-rw-r--  1 svnrm svnrm 6982288 Apr 21 19:40 subversion-1.2.0-rc2.tar.bz2
> -rw-rw-r--  1 svnrm svnrm 8530849 Apr 21 19:40 subversion-1.2.0-rc2.tar.gz
> -rw-rw-r--  1 svnrm svnrm 11378889 Apr 21 19:44 subversion-1.2.0-rc2.zip
>
> md5sums:
> e308330a619aac4331263b19dda2a4bc subversion-1.2.0-rc2.tar.gz
> 342acdc60e41232ba3b686913e1cad24 subversion-1.2.0-rc2.tar.bz2
> 2d8d6d269c0567451cfc7aab2ecadbdb subversion-1.2.0-rc2.zip
>
> sha1sums:
> f1a6c296eba12e62b26c9060be11e3fd20e5a7d7 subversion-1.2.0-rc2.tar.gz
> 8ae73653cbbe8dbd573a86eeac7e7252f1dca080 subversion-1.2.0-rc2.tar.bz2
> bdd3d2a11363710eb45b01f554633066bdcd1e72 subversion-1.2.0-rc2.zip
>
> Please test and send me your signatures.  Thank you.
>

Here's my signature for the .tar.gz:




Re: 1.2.0-rc2 tarballs up for testing/signing

Posted by "Peter N. Lundblad" <pe...@famlundblad.se>.
On Thu, 21 Apr 2005, Ben Reser wrote:

> Cut from r14393 on 1.2.x branch.
>
Sorry if this is mentioned somewhere, but is the routine for testing and
signing documented anywhere?

Regards,
//Peter


Re: 1.2.0-rc2 tarballs up for testing/signing

Posted by David Summers <da...@summersoft.fay.ar.us>.
On Fri, 22 Apr 2005, Jani Averbach wrote:

> On 2005-04-22 14:57-0700, Ben Reser wrote:
>>
>> Hmmm...  With BDB and FSFS same result:
>>
>> svn: REPORT request failed on
>> '/repositories/update_tests-26/!svn/vcc/default'
>> svn: Working copy path 'foo & bar' does not exist in repository
>>
>> Only see it across DAV.  Once again looks like someone wrote a test that
>> expects a failure and didn't make it work with DAV.  *sigh*
>>
>
> Wait! Both Brane's and my test setups run the full test set over ra_dav,
> and I don't see any failures on svn-breakage.
>

I ran tests on it on Redhat 7.3, 8, 9, and RHEL3 with no problems....

--
David Wayne Summers        "Linux: Because reboots are for hardware upgrades!"
david@summersoft.fay.ar.us PGP Key: http://summersoft.fay.ar.us/~david/pgp.txt
PGP Key fingerprint =  0B44 B118 85CC F4EC 7021  1ED4 1516 5B78 E320 2001


Re: 1.2.0-rc2 tarballs up for testing/signing

Posted by Jani Averbach <ja...@jaa.iki.fi>.
On 2005-04-22 14:57-0700, Ben Reser wrote:
> 
> Hmmm...  With BDB and FSFS same result:
> 
> svn: REPORT request failed on
> '/repositories/update_tests-26/!svn/vcc/default'
> svn: Working copy path 'foo & bar' does not exist in repository
> 
> Only see it across DAV.  Once again looks like someone wrote a test that
> expects a failure and didn't make it work with DAV.  *sigh*
> 

Wait! Both Brane's and my test setups run the full test set over ra_dav,
and I don't see any failures on svn-breakage.

BR, Jani

-- 
Jani Averbach



Re: 1.2.0-rc2 tarballs up for testing/signing

Posted by Ben Reser <be...@reser.org>.
On Fri, Apr 22, 2005 at 02:57:17PM -0700, Ben Reser wrote:
> Hmmm...  With BDB and FSFS same result:
> 
> svn: REPORT request failed on
> '/repositories/update_tests-26/!svn/vcc/default'
> svn: Working copy path 'foo & bar' does not exist in repository
> 
> Only see it across DAV.  Once again looks like someone wrote a test that
> expects a failure and didn't make it work with DAV.  *sigh*

Test works.  Helps if I remember to install the Apache modules before I
run the dav test suite.

-- 
Ben Reser <be...@reser.org>
http://ben.reser.org

"Conscience is the inner voice which warns us somebody may be looking."
- H.L. Mencken


Re: 1.2.0-rc2 tarballs up for testing/signing

Posted by Ben Reser <be...@reser.org>.
On Thu, Apr 21, 2005 at 04:51:36PM -0700, Ben Reser wrote:
> Cut from r14393 on 1.2.x branch.
> 
> http://fornix.brain.org/subversion/
> 
> -rw-rw-r--  1 svnrm svnrm 6982288 Apr 21 19:40 subversion-1.2.0-rc2.tar.bz2
> -rw-rw-r--  1 svnrm svnrm 8530849 Apr 21 19:40 subversion-1.2.0-rc2.tar.gz
> -rw-rw-r--  1 svnrm svnrm 11378889 Apr 21 19:44 subversion-1.2.0-rc2.zip
> 
> md5sums:
> e308330a619aac4331263b19dda2a4bc subversion-1.2.0-rc2.tar.gz
> 342acdc60e41232ba3b686913e1cad24 subversion-1.2.0-rc2.tar.bz2
> 2d8d6d269c0567451cfc7aab2ecadbdb subversion-1.2.0-rc2.zip
> 
> sha1sums:
> f1a6c296eba12e62b26c9060be11e3fd20e5a7d7 subversion-1.2.0-rc2.tar.gz
> 8ae73653cbbe8dbd573a86eeac7e7252f1dca080 subversion-1.2.0-rc2.tar.bz2
> bdd3d2a11363710eb45b01f554633066bdcd1e72 subversion-1.2.0-rc2.zip
> 
> Please test and send me your signatures.  Thank you.

Hmmm...  With BDB and FSFS same result:

CMD: svnadmin "create" "repositories/update_tests-26" "--bdb-txn-nosync"
"--fs-type=bdb" <TIME = 0.264648>
CMD: svnadmin dump "local_tmp/repos" | svnadmin load
"repositories/update_tests-26" <TIME = 0.002933>
CMD: svn "co" "--username" "jrandom" "--password" "rayjandom"
"http://localhost/repositories/update_tests-26"
"working_copies/update_tests-26" "--config-dir"
"/home/svnrm/subversion-1.2.0-rc2/subversion/tests/clients/cmdline/local_tmp/config"
<TIME = 0.393580>
CMD: svn "mkdir" "working_copies/update_tests-26/ foo & bar"
"--config-dir"
"/home/svnrm/subversion-1.2.0-rc2/subversion/tests/clients/cmdline/local_tmp/config"
<TIME = 0.062774>
CMD: svn "ci" "-m" "log msg" "working_copies/update_tests-26"
"--config-dir"
"/home/svnrm/subversion-1.2.0-rc2/subversion/tests/clients/cmdline/local_tmp/config"
<TIME = 0.827140>
CMD: svn "status" "-v" "-u" "-q" "--username" "jrandom" "--password"
"rayjandom" "working_copies/update_tests-26" "--config-dir"
"/home/svnrm/subversion-1.2.0-rc2/subversion/tests/clients/cmdline/local_tmp/config"
<TIME = 0.103251>
svn: REPORT request failed on
'/repositories/update_tests-26/!svn/vcc/default'
svn: Working copy path 'foo & bar' does not exist in repository

Only see it across DAV.  Once again looks like someone wrote a test that
expects a failure and didn't make it work with DAV.  *sigh*


-- 
Ben Reser <be...@reser.org>
http://ben.reser.org

"Conscience is the inner voice which warns us somebody may be looking."
- H.L. Mencken
