Re: Some thoughts on a new publication approach

On 21/10/2013 21:31 , Marcos Caceres wrote:
> On Monday, October 21, 2013 at 8:23 PM, Robin Berjon wrote:
>> Well, it's not necessarily an attack vector in that it may not be
>> malicious. But unless I've misunderstood some part of git (which is
>> certainly possible), what I'd like to avoid is the following:
>>
>> 1) User edits spec in git, does all sorts of things.
>> 2) Group likes it, pushes it to FPWD.
>> 3) FPWD is recorded as being SHA deadb33f.
>> 4) User realises that in one of the earlier commits, she added her
>> password to a file in the repository. The file can't just be changed, it
>> needs to be fully expunged. Ooops!*
>> 5) User runs git filter-branch --tree-filter 'rm -f passwords.txt' HEAD
>> 6) Every single commit has now changed. There is no longer any deadb33f
>> for FPWD to point to. We've broken the PP.
>>
>> At least, I'm pretty sure that that's possible.
> This seems like an extreme, and pretty far fetched, case - IMO.

I'm not sure what your criticism is supposed to be. It is a genuinely 
potential problem, and the solution comes at zero cost to editors (or 
anyone else for that matter) and with zero feature loss. So, the problem 
is what exactly?

-- 
Robin Berjon - http://berjon.com/ - @robinberjon

Received on Monday, 21 October 2013 19:35:09 UTC