[Python-Dev] PEP: Migrating the Python CVS to Subversion
James Y Knight
foom at fuhm.net
Thu Jul 28 23:58:03 CEST 2005

On Jul 28, 2005, at 4:20 PM, Guido van Rossum wrote:
> Managing users is especially important -- if a
> user is compromised (as has happened in the past for python.org users)
> the whole repository is compromised. Now this could happen to SF users
> too, but I'm not sure that we know all the tricks in the book to
> prevent attacks; SF has been doing this for years and that's an aspect
> of SF that I trust (I think I've heard that they have even modified
> their SSH server to be stricter).

If you use the fsfs storage mechanism for subversion, it is somewhat
simpler to verify that the repository is not compromised. Each commit
is represented as a separate file, and thus old commits are never
modified. Only new files are appended to the directory. If you have a
filesystem that allows "append-only" permissions on a directory, you
can enforce this directly. Additionally, it is possible in your
backup script to verify that only new files were added and nothing
else changed.

Then at least you know how much you need to examine instead of having
to treat the entire repository as possibly contaminated.

James
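
The backup-time check described in the message above, sketched as an added example (not part of the original post and not Subversion's own tooling). It assumes the per-commit files live under one directory passed in as `root`; the function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(full, root)] = digest
    return manifest


def compare(previous, current):
    """Classify differences between the last backup's manifest and now."""
    added = sorted(set(current) - set(previous))
    removed = sorted(set(previous) - set(current))
    changed = sorted(p for p in previous.keys() & current.keys()
                     if previous[p] != current[p])
    return {"added": added, "removed": removed, "changed": changed}


def append_only(diff):
    # Only new files may appear; any removal or rewrite breaks the invariant.
    return not diff["removed"] and not diff["changed"]


def demo():
    """Constructed sample: two fake commit files, one added, one rewritten."""
    with tempfile.TemporaryDirectory() as root:
        for rev in ("1", "2"):
            with open(os.path.join(root, rev), "w") as fh:
                fh.write("commit %s\n" % rev)
        baseline = snapshot(root)
        with open(os.path.join(root, "3"), "w") as fh:
            fh.write("commit 3\n")
        clean = compare(baseline, snapshot(root))
        with open(os.path.join(root, "1"), "w") as fh:
            fh.write("rewritten history\n")
        tampered = compare(baseline, snapshot(root))
    return clean, tampered


if __name__ == "__main__":
    print(demo())
```

The `added` list is the set of commits that still needs examining after an incident; the baseline manifest has to be kept on the backup host, out of reach of anyone who can write to the repository.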