Sourceforge Attack: Full Report
Posted Jan 31, 2011 23:26 UTC (Mon) by rbrito (guest, #66188)
Parent article: Sourceforge Attack: Full Report
Some of the responses on that blog post seem to indicate a strong resistance to moving from CVS (probably the Windows people use tools to interact with their CVS repositories?).
The consistency point is yet another one where git helps the users a lot, for you'd just have to compare a few sha1 hashes and you'd be done to check if there was any corruption in that repository.
The users themselves would also quickly notice if something strange happened in this regard, when trying to use their repositories (fork, pull, push, merge etc.).
I don't know if sourceforge allows something like github's forking a repository and keeping a personal copy, or if they only allow repositories attached to projects...
BTW, for those that are familiar, are other DVCSes the same way as git, with hashes and so on?
Posted Feb 1, 2011 12:02 UTC (Tue) by dpotapov (guest, #46495)
Mercurial uses SHA1 hashes in the same way as git, and both of them borrowed this idea from Monotone. Bazaar also uses SHA1 for integrity checking, but it relies on UUIDs to identify revisions. If you signed your revisions in Bazaar (with gpg), they cannot be forged, but I don't know Bazaar well enough to tell what happens with non-signed revisions.
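The hash comparison discussed in the comments above, as an added example that is not part of either comment or of git itself: it recomputes git-style object ids for a small history and shows that a change to a file in an old commit changes the id of the newest commit, so comparing one hash per branch is enough to detect the change. It models only flat trees of regular files; the function names, author line and sample histories are constructed for illustration.

```python
import hashlib

def git_hash(kind: str, body: bytes) -> str:
    """Object id: SHA-1 over the header '<type> <size>' + NUL, then the body."""
    return hashlib.sha1(f"{kind} {len(body)}\0".encode() + body).hexdigest()

def tree_id(files: dict) -> str:
    """Flat tree: '<mode> <name>' + NUL + raw 20-byte blob id, sorted by name."""
    entries = sorted((name.encode(), data) for name, data in files.items())
    body = b"".join(
        b"100644 " + name + b"\0" + bytes.fromhex(git_hash("blob", data))
        for name, data in entries
    )
    return git_hash("tree", body)

def commit_id(tree: str, parent, msg: str) -> str:
    """A commit names its tree and its parent by id, so it covers both."""
    who = "A U Thor <author@example.invalid> 1296516360 +0000"  # constructed
    lines = [f"tree {tree}"]
    if parent:
        lines.append(f"parent {parent}")
    lines += [f"author {who}", f"committer {who}", "", msg]
    return git_hash("commit", ("\n".join(lines) + "\n").encode())

def head_of(history) -> str:
    """Replay (files, message) snapshots and return the id of the last commit."""
    parent = None
    for files, msg in history:
        parent = commit_id(tree_id(files), parent, msg)
    return parent

# Constructed sample: a developer's clone and a server copy of the same history.
GOOD = [
    ({"main.c": b"int main(void) { return 0; }\n"}, "initial import"),
    ({"main.c": b"int main(void) { return 0; }\n", "README": b"docs\n"}, "add README"),
]
# Same history, except one file in the FIRST commit differs on the server.
TAMPERED = [
    ({"main.c": b"int main(void) { return 1; }\n"}, "initial import"),
    GOOD[1],
]

if __name__ == "__main__":
    print("clone :", head_of(GOOD))
    print("server:", head_of(TAMPERED))
    print("match :", head_of(GOOD) == head_of(TAMPERED))
```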