Re: Why no secure code retrieval

emacs-orgmode@gnu.org archives
 help / color / mirror / code / Atom feed

From: Achim Gratz <Stromeko@nexgo.de>
To: emacs-orgmode@gnu.org
Subject: Re: Why no secure code retrieval
Date: Sun, 03 Jul 2016 20:25:16 +0200	[thread overview]
Message-ID: <87mvlymveb.fsf@Rainer.invalid> (raw)
In-Reply-To: CAH+LVpmmOLqpoYe5D9X01TBGbeUhooafKdZry76Ufv==ZdB0_A@mail.gmail.com

Konstantin Kliakhandler writes:
> For what it is worth, the current discussion is actually precisely what I
> was aiming at. I agree with your analysis of my Intended goals but
> completely disagree that SHA1 alone is any sort of guarantee.. To be
> precise, I don't just think that it doesn't provide much, but rather that
> alone it provides none at all. This is because I have no idea who produced
> a given SHA1 - whether it was Bastien, or a MITM attacker, or just someone
> who compromised the server.

Getting the same data via https doesn't give you that sort of guarantee
either, it only ensures that the data cannot be read and altered in
transport.  If the server or repo gets compromised, then it is game over
until someone notices that the server suddenly doesn't match up the
local clone.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Waldorf MIDI Implementation & additional documentation:
http://Synth.Stromeko.net/Downloads.html#WaldorfDocs

next prev parent reply	other threads:[~2016-07-03 18:25 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-06-28 12:10 Why no secure code retrieval Konstantin Kliakhandler
2016-06-29  6:11 ` Arun Isaac
2016-06-30 11:50   ` Nicolas Goaziou
2016-07-02 14:18     ` Bastien Guerry
2016-07-02 16:51       ` Ian Barton
2016-07-03  7:09         ` Bastien Guerry
2016-07-03 15:11           ` Robert Klein
2016-07-03 15:20           ` Achim Gratz
2016-07-03 16:57           ` Robert Horn
2016-07-03 18:18             ` Konstantin Kliakhandler
2016-07-03 18:25               ` Achim Gratz [this message]
2016-07-03 20:12               ` Robert Horn
2016-07-03 22:36                 ` Konstantin Kliakhandler
2016-07-04  0:17                   ` Robert Horn
2016-07-04  6:15                     ` Konstantin Kliakhandler

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://www.orgmode.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87mvlymveb.fsf@Rainer.invalid \
    --to=stromeko@nexgo.de \
    --cc=emacs-orgmode@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).