- From: Robin Berjon <robin@w3.org>
- Date: Mon, 21 Oct 2013 21:34:57 +0200
- To: Marcos Caceres <w3c@marcosc.com>
- CC: Tobie Langel <tobie@w3.org>, "spec-prod@w3.org" <spec-prod@w3.org>

On 21/10/2013 21:31 , Marcos Caceres wrote:
> On Monday, October 21, 2013 at 8:23 PM, Robin Berjon wrote:
>> Well, it's not necessarily an attack vector in that it may not be
>> malicious. But unless I've misunderstood some part of git (which is
>> certainly possible), what I'd like to avoid is the following:
>>
>> 1) User edits spec in git, does all sorts of things.
>> 2) Group likes it, pushes it to FPWD.
>> 3) FPWD is recorded as being SHA deadb33f.
>> 4) User realises that in one of the earlier commits, she added her
>> password to a file in the repository. The file can't just be changed, it
>> needs to be fully expunged. Ooops!*
>> 5) User runs git filter-branch --tree-filter 'rm -f passwords.txt' HEAD
>> 6) Every single commit has now changed. There is no longer any deadb33f
>> for FPWD to point to. We've broken the PP.
>>
>> At least, I'm pretty sure that that's possible.
> This seems like an extreme, and pretty far fetched, case - IMO.

I'm not sure what your criticism is supposed to be. It is a genuinely potential problem, and the solution comes at zero cost to editors (or anyone else for that matter) and with zero feature loss.

So, the problem is what exactly?

--
Robin Berjon - http://berjon.com/ - @robinberjon

Received on Monday, 21 October 2013 19:35:09 UTC
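
The hash chain behind steps 5 and 6 of the quoted scenario, as an added example that is not part of the original message: it computes git object ids with hashlib for a constructed four-commit history and applies the same tree filter to it. File contents, commit messages and the identity are constructed, and it assumes the rewrite carries author and committer fields over unchanged.

```python
import hashlib

def git_id(kind, body):
    """Object id as git computes it: SHA-1 over '<type> <size>\\0' + body."""
    return hashlib.sha1(f"{kind} {len(body)}".encode() + b"\0" + body).hexdigest()

def tree_id(files):
    """Id of a flat tree of regular files (ASCII names), sorted by name."""
    body = b""
    for name in sorted(files):
        blob = bytes.fromhex(git_id("blob", files[name]))
        body += b"100644 " + name.encode() + b"\0" + blob
    return git_id("tree", body)

WHO = "Editor <editor@example.org> 1382384097 +0200"  # constructed identity

def commit_id(files, parent, message):
    """A commit names its tree and its parent, so its id depends on both."""
    lines = [f"tree {tree_id(files)}"]
    if parent:
        lines.append(f"parent {parent}")
    lines += [f"author {WHO}", f"committer {WHO}", "", message, ""]
    return git_id("commit", "\n".join(lines).encode())

def history(snapshots):
    """Commit ids of a linear history given as (files, message) pairs."""
    ids, parent = [], None
    for files, message in snapshots:
        parent = commit_id(files, parent, message)
        ids.append(parent)
    return ids

def expunge(snapshots, name):
    """Effect of the tree filter 'rm -f <name>': drop the file everywhere."""
    return [({k: v for k, v in f.items() if k != name}, m) for f, m in snapshots]

# Constructed history: the password file arrives in commit 2, FPWD is commit 4.
DRAFT, SECRET = b"<h1>Spec</h1>\n", b"constructed-secret\n"
SNAPSHOTS = [
    ({"index.html": DRAFT}, "Initial draft"),
    ({"index.html": DRAFT, "passwords.txt": SECRET}, "Add build notes"),
    ({"index.html": DRAFT + b"<p>More</p>\n", "passwords.txt": SECRET}, "Edit"),
    ({"index.html": DRAFT + b"<p>FPWD</p>\n", "passwords.txt": SECRET}, "FPWD"),
]

if __name__ == "__main__":
    before = history(SNAPSHOTS)
    after = history(expunge(SNAPSHOTS, "passwords.txt"))
    for old, new in zip(before, after):
        print(old[:8], "->", new[:8], "same" if old == new else "REWRITTEN")
    print("recorded FPWD id still exists:", before[-1] in after)
```

In this model the commit made before the file was added keeps its id, while the commit that introduced it and every descendant get new ids, so the id recorded for FPWD no longer names any commit in the rewritten history.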