Security
Jelmer Vernooij
jelmer at samba.org
Wed Nov 4 10:25:07 GMT 2009
On Wed, 2009-11-04 at 10:34 +0100, Mattias Eriksson wrote:
> ons 2009-11-04 klockan 09:35 +0100 skrev Joke de Buhr:
> > On Wednesday 04 November 2009 03:06:53 Stephen J. Turnbull wrote:
> > > Daniel Carrera writes:
> > > > Hello,
> > > >
> > > > Does Bazaar have any cryptographic security guarantees in the style
> > > > of Monotone, Git and Mercurial?
> > >
> > > Last I heard, only Monotone makes any pretense to security. Git and
> > > Mercurial provide a certain amount of automatic integrity checking,
> > > using a cryptographic quality hash. Whether that can be
> > > straightforwardly extended to security is another question; it depends
> > > a lot on workflows AFAIK.
> > >
> >
> > Git cryptographic protection is based an sha1 hashes. Each commit is
> > hashed much like you can hash files from command-line using sha1sum. The
> > hash is used as a revion id in git.
>
> The beauty of this hash in git is that the hash of the latest
> revistion is based on previous revisions, meaning that if you know
> that hash you can verify the integrity of the whole history not just
> that revision. I do not know if bazaar has this kind of mechanism
> built in to the revision hash.
yes, this is part of the testament sha1.
Cheers,
Jelmer
--
Jelmer Vernooij <jelmer at samba.org> - http://samba.org/~jelmer/
Jabber: jelmer at jabber.fsfe.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/bazaar/attachments/20091104/844fcc03/attachment.pgp
More information about the bazaar
mailing list