On 1/16/23 13:34, rsbecker@xxxxxxxxxxxxx wrote:
> On January 16, 2023 2:24 AM, Hans Petter Selasky wrote:
>> On 1/15/23 00:59, brian m. carlson wrote:
>>> However, Git is moving in the direction of stronger cryptographic
>>> algorithms, rather than insecure hashing algorithms. I don't think
>>> your proposal is a good idea, nor do I think it's likely to be adopted.
>>
>> I disagree. There is no need for signing in a version control system. It just makes it
>> harder to change things, like the right-to-repair. In my eyes there is a high chance
>> of abuse, by vendors that do not want others to flash or edit their device
>> firmwares.
>
> Hi,
>
> The two matters are completely isolated and distinct. In the OpenSource community, anyone typically has the right to modify. Please refer to the GPLv3, ECLIPSE, and MIT licenses for example. Those are the governing documents that permit modification and define intellectual property rights. Please consult those licenses with regards to right-to-repair statements that have no legal bearing on git or any other GPL-governed software product. In my view, the issue raised is a red herring that keeps getting brought up, which does not contribute positively to this request's discussion, but presumably would increase the hit rate on web searches, to which this reply unfortunately contributes.

The use of cryptographic hash tags allows one party to stay in control
of and monetize a project, actually by doing nothing more than
rebranding an existing product.

> The assertion of no need for signing can apply to a centralized version control system, like SVN, because users are authenticated centrally, and the contribution can be made definitive without a separate signature, providing no one with root authority on the server hacks the repository. In the architecture of a distributed version control system (specifically git for this discussion), there is no evidence of origin of changes because the commit identity is cooperative rather than being enforced by a central authority and hacking the repository by root is detectable. The assertion of signing as abuse of rights is also an opinion that, so far, has no supporting evidence given. Perhaps a paper in a refereed journal might give this position some credibility.

From what I've read the GPLv3 goes pretty far to also provide flashing
rights for software, but what use is that, when flashing the unsigned
software on your Samsung phone, for example, some fuse breaks in the
hardware, and then you can no longer use certain apps on your phone?

> My point is that signing is critical in a DVCS and a major function point used by DevOps architects for adopting git in new organizations. In the regulated world, FinTech, FDA, Aviation, etc., signing contributes to the evidence of origin of changes required by PCI and SWIFT (ref: section 6 in each regulation). Without signed tags (which establishes the change origins for releases for production use), deployment becomes less certain and less acceptable to the audit community with whom I interact on a regular basis.

It's very clear to me, that supporting signing straight off the VCS,
will not help the opensource and right-to-repair community at all. It's
just ripe for abuse, like I say.

Hacking is prevented by using a secure copy mechanism between the
servers, which you can upgrade separately. You already see the problem,
SHA-1 is not good enough to prevent hacking. Why not just separate the
hacking preventing measures and the needs of a good VCS?

--HPS