On Fri, 2008-05-02 at 06:41 +0000, James Henstridge wrote:
> The signature code in revisionview.py seems to be missing a particularly
> important feature: checking whether the signed revision testament
> matches the actual revision.
>
> Without doing that I can tamper with a branch while leaving the
> signatures as is, and bzr-gtk will pretend that the revision is okay.
Yes, that is a very real and important concern. I'll have a look at it
as soon as possible, but I won't be home until Monday. Is there an easy
way to generate a testament for a revision, so that it can be compared
to the signed one?
On Fri, 2008-05-02 at 06:41 +0000, James Henstridge wrote:
> The signature code in revisionview.py seems to be missing a particularly
> important feature: checking whether the signed revision testament
> matches the actual revision.
>
> Without doing that I can tamper with a branch while leaving the
> signatures as is, and bzr-gtk will pretend that the revision is okay.
Yes, that is a very real and important concern. I'll have a look at it
as soon as possible, but I won't be home until Monday. Is there an easy
way to generate a testament for a revision, so that it can be compared
to the signed one?
Cheers,
Daniel