On 01.03.2007 23:25, Alexandre Julliard wrote:
Carl-Daniel Hailfinger c-d.hailfinger.devel.2006@gmx.net writes:
Now imagine a break-in on a site hosted on winehq. The consequences would be far worse than for the average toy project. Wine depends on people trusting us that the code is legally clean (especially due to various FUD campaigns claiming otherwise). A break-in will always result in claims that the codebase has been polluted with MS code.
You cannot modify the codebase even if you break into the server. Everything in the git repository is authenticated by its SHA-1, so any change would be immediately noticed.
I know about this special feature of git (basically not only every file is identified by its SHA-1 hash, but also the complete timeline and with that the complete repository are secured with SHA-1). There was a post on the linux-kernel list some time ago about this topic.
However, in case of a break-in there will always be somebody without this knowledge writing about the break-in. And nobody will read what we have to say about the security of git because the first article always has more readers than any followup or response.
Regards, Carl-Daniel
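
The hash chaining discussed in this thread, as an added example that is not part of the original messages and not Wine's or git's own code: it recomputes git object ids in Python for a constructed two-commit history and finds the first commit whose id no longer matches a trusted copy. File names, contents and the committer identity are constructed, and only flat trees (no subdirectories) are handled.

```python
import hashlib

def git_object_id(kind, body):
    """git names an object by SHA-1 over b'<kind> <size>\\0' + body."""
    return hashlib.sha1(f"{kind} {len(body)}".encode() + b"\0" + body).hexdigest()

def blob_id(content):
    return git_object_id("blob", content)

def tree_id(files):
    """Flat tree: '<mode> <name>\\0' + 20 raw bytes of the blob id, sorted by name."""
    body = b""
    for name in sorted(files):
        body += b"100644 " + name.encode() + b"\0" + bytes.fromhex(blob_id(files[name]))
    return git_object_id("tree", body)

def commit_id(tree, parents, message):
    ident = "Example Dev <dev@example.invalid> 1172788800 +0000"  # constructed identity
    lines = [f"tree {tree}"] + [f"parent {p}" for p in parents]
    lines += [f"author {ident}", f"committer {ident}", "", message]
    return git_object_id("commit", ("\n".join(lines) + "\n").encode())

def history_ids(snapshots):
    """Commit ids of a linear history; each commit names its tree and its parent."""
    ids, parents = [], []
    for files, message in snapshots:
        cid = commit_id(tree_id(files), parents, message)
        ids.append(cid)
        parents = [cid]
    return ids

def first_divergence(trusted_ids, server_ids):
    """Index of the first commit whose id differs from the trusted copy, or None."""
    for i, (a, b) in enumerate(zip(trusted_ids, server_ids)):
        if a != b:
            return i
    return None

# Constructed sample history: the second list alters one byte in the first commit.
ORIGINAL = [
    ({"main.c": b"int main(void) { return 0; }\n"}, "initial import"),
    ({"main.c": b"int main(void) { return 0; }\n", "README": b"demo\n"}, "add README"),
]
TAMPERED = [({"main.c": b"int main(void) { return 1; }\n"}, "initial import"), ORIGINAL[1]]

if __name__ == "__main__":
    good, bad = history_ids(ORIGINAL), history_ids(TAMPERED)
    print("trusted tip:", good[-1])
    print("server tip: ", bad[-1])
    print("first differing commit index:", first_divergence(good, bad))
```

Comparing only the tip id against a copy held elsewhere (any developer's clone) is enough to detect the change, because the tip id depends on every earlier object.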