http subversion URLs should be discontinued in favor of https URLs
Bakul Shah
bakul at bitblocks.com
Tue Dec 12 18:09:33 UTC 2017
On Tue, 12 Dec 2017 14:28:08 +0000 "Poul-Henning Kamp" <phk at phk.freebsd.dk> wrote:
>
> For the FreeBSD SVN tree, this could almost be as simple as posting
> an email, maybe once a week, with the exact revision checked out
> and the PGP signed output of:
>
> svn co ... && find ... -print | sort | xargs cat | sha256
>
> Such an archive would also be invaluable for reauthenticating in
> case, somebody ever manages to do something evil to our repo.
Sort of a public ledger. I have a vague memory of some project
*publishing* a crypto fingerprint of a collection of documents
in a well-known newspaper.... I think it was this one:
https://www.technologyreview.com/s/402961/fingerprinting-your-files/
Computing hashes of hashes is also the basis of a secure
timestamp service invented by Stuart Haber and Scott
Stornetta while the two were at Bellcore in 1990. The
service, called Surety, makes it possible to generate a
cryptographically secure and unforgeable proof that a
given document, photograph, or other file existed at a
particular time on a particular date and that it hasn't
been changed since.
The Surety technique works by computing a hash tree based
on the hash codes of every document being time-stamped.
The root of the tree is then published in a well-known
location -- it could, for example, be printed in a classified
advertisement in the New York Times. You can prove that
your document existed on the day in question by showing
that your document's fingerprint was needed to generate the
fingerprint-of-fingerprints that appeared in the
newspaper.
Nowadays can you even trust NYT?!
More information about the freebsd-security
mailing list
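
The hash-tree proof described in the article excerpt above, as an added example that is not part of the original post and not Surety's own implementation: it builds a tree over document hashes, yields the root that would be published, and checks that one document's fingerprint was needed to produce it. The 0x00/0x01 prefixes, the promotion of an odd node, and the sample documents are assumptions made here.

```python
import hashlib

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(doc: bytes) -> bytes:
    # Assumption: 0x00 prefix keeps leaf hashes distinct from interior nodes
    return _h(b"\x00" + doc)

def node_hash(left: bytes, right: bytes) -> bytes:
    # Assumption: 0x01 prefix marks an interior node
    return _h(b"\x01" + left + right)

def build_levels(docs):
    """Return every tree level, leaves first, single-root level last."""
    level = [leaf_hash(d) for d in docs]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(node_hash(level[i], level[i + 1]))
            else:
                nxt.append(level[i])  # odd node is promoted unchanged
        level = nxt
        levels.append(level)
    return levels

def inclusion_proof(levels, index):
    """Sibling hashes needed to recompute the root from leaf `index`."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):  # a promoted node has no sibling at this level
            proof.append(("L" if sib < index else "R", level[sib]))
        index //= 2
    return proof

def verify(doc, proof, published_root):
    """True only if `doc` plus the sibling path reproduces the published root."""
    h = leaf_hash(doc)
    for side, sib in proof:
        h = node_hash(sib, h) if side == "L" else node_hash(h, sib)
    return h == published_root

# Constructed sample "documents" for one timestamping round
DOCS = [b"contract.pdf v1", b"photo-0001.jpg", b"source tree manifest",
        b"thesis.tex", b"notes.txt"]
LEVELS = build_levels(DOCS)
ROOT = LEVELS[-1][0]  # the fingerprint-of-fingerprints that would be published
```

A verifier needs only the document, the short sibling path, and the root from the trusted publication; the other documents stay private.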