
#ActualRavyne

Posted 26 January 2013 - 04:24 PM

Git explicitly tries to prevent editing by only referencing everything (files, folders, revisions) by their SHA-1 value. Presumably this is "secure" as long as you don't have a preimage attack on SHA-1 that runs in minutes/seconds. It is necessary in the case of a distributed system, too, because otherwise you have hardly any way of telling what's authentic and what was changed and tampered with.

QFE.

AFAIK this is actually one of the substantial philosophical differences between git and mercurial (hg) -- git is architected with security truly in mind, rather than something which is sort of an assumed by-product of revision control. Linus wanted to be sure that if the linux kernel source code was contaminated or just plain borked, accidentally or intentionally, that the warning flares would go up instantly. If you're in an environment where you cannot trust contributions (or where the consequences of being wrong are serious) then this additional attention to security might be important to you. I forget which of the *BSDs' kernel repositories was recently attacked, but it was, and a lot of work was lost, deadlines were missed, and much woe was had. There's always a possibility that disagreements between devs can escalate into malicious actions.

This also speaks to the distributed model in general somewhat -- with a centralized system you have to maintain the security of the repository and make sure it's backed up because that's the one place that maintains the entire history. When you pull down a local copy of this source tree you only get the info that's relevant to that time. In a distributed system, *everyone* has the entire history, and even if the "central/official" repo was destroyed, it's solved by simply pushing it out from one of the devs' local copies. Linus has said that he doesn't even bother to back up the linux kernel source anymore, because he can just assume that it's been replicated hundreds or thousands of times by devs all over the world -- way better than any RAID or backup strategy. Of course, you have to have many active developers before this is true; it's just nice that the robustness of the system is directly related to how much it's relied upon.
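The content-addressing the quoted post describes, as an added example that is not part of Ravyne's post or of git's own code: a small in-memory object store that computes blob, tree and commit ids the way git does (SHA-1 over "<type> <size>\0<content>"), plus a verify() walk that recomputes every id reachable from a commit, which is the check `git fsck` performs. The ObjectStore class, the verify helper and the sample files are constructed for this example; only the object-id formula is git's.

```python
"""Content-addressed object store in the style of git (constructed example)."""
import hashlib


def git_hash(obj_type: str, content: bytes) -> str:
    """Object id exactly as git computes it: sha1("<type> <size>\\0" + content)."""
    header = f"{obj_type} {len(content)}".encode() + b"\x00"
    return hashlib.sha1(header + content).hexdigest()


class ObjectStore:
    """Hypothetical minimal object database: oid -> (type, raw content)."""

    def __init__(self):
        self.objects = {}

    def put(self, obj_type, content):
        oid = git_hash(obj_type, content)
        self.objects[oid] = (obj_type, content)
        return oid

    def put_tree(self, entries):
        # entries: (mode, name, oid); git stores them sorted by name with binary oids
        body = b"".join(
            f"{mode} {name}".encode() + b"\x00" + bytes.fromhex(oid)
            for mode, name, oid in sorted(entries, key=lambda e: e[1])
        )
        return self.put("tree", body)

    def put_commit(self, tree_oid, parent_oid, message):
        # constructed author/committer lines; the layout follows git's commit object
        lines = [f"tree {tree_oid}"]
        if parent_oid:
            lines.append(f"parent {parent_oid}")
        lines += ["author A <a@example.invalid> 0 +0000",
                  "committer A <a@example.invalid> 0 +0000", "", message]
        return self.put("commit", "\n".join(lines).encode() + b"\n")

    def verify(self, commit_oid):
        """Recompute every id reachable from commit_oid; return a list of problems."""
        problems, seen = [], set()

        def check(oid, expected_type):
            if oid in seen:
                return
            seen.add(oid)
            if oid not in self.objects:
                problems.append(f"missing {expected_type} {oid}")
                return
            obj_type, content = self.objects[oid]
            if obj_type != expected_type:
                problems.append(f"wrong type for {oid}: {obj_type} != {expected_type}")
                return
            if git_hash(obj_type, content) != oid:      # content no longer matches its name
                problems.append(f"corrupt {obj_type} {oid}")
                return
            if obj_type == "commit":
                for line in content.decode().split("\n"):
                    if line.startswith("tree "):
                        check(line[5:], "tree")
                    elif line.startswith("parent "):
                        check(line[7:], "commit")
                    elif line == "":
                        break                              # headers end, message follows
            elif obj_type == "tree":
                pos = 0
                while pos < len(content):
                    nul = content.index(b"\x00", pos)
                    mode = content[pos:nul].split(b" ")[0].decode()
                    child = content[nul + 1:nul + 21].hex()
                    pos = nul + 21
                    check(child, "tree" if mode == "40000" else "blob")

        check(commit_oid, "commit")
        return problems


def demo():
    """Build a two-file history, then silently edit a stored blob and re-verify."""
    store = ObjectStore()
    readme = store.put("blob", b"hello\n")                 # constructed file content
    main_c = store.put("blob", b"int main(void) { return 0; }\n")
    src = store.put_tree([("100644", "main.c", main_c)])
    root = store.put_tree([("100644", "README", readme), ("40000", "src", src)])
    c1 = store.put_commit(root, None, "initial")
    c2 = store.put_commit(root, c1, "second commit, same tree")
    before = store.verify(c2)
    store.objects[main_c] = ("blob", b"int main(void) { return 1; }\n")  # in-place tamper
    return before, store.verify(c2)


if __name__ == "__main__":
    print(demo())
```

A clean walk returns an empty list; after the in-place edit it reports the blob whose content no longer hashes to the name the tree refers to it by, which is the "warning flare" the post is talking about. The caveat is what the chain does and does not prove: it detects corruption and in-place modification of stored objects, but someone who rewrites history and re-hashes every object above the change produces a chain that verifies just as cleanly. Catching that requires a reference outside the repository, such as a commit id recorded elsewhere or the independent copies other developers hold, which is the point of the distributed-copies argument above.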


