inventory sha1 is not checked during routine operation
Bug #181143 reported by
Robert Collins
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Bazaar |
Confirmed
|
Medium
|
Unassigned | ||
Breezy |
Triaged
|
Medium
|
Unassigned |
Bug Description
We check that the sha1 of a stored inventory is what the knit thinks it
should be, but AFAICT we don't check that the revision object expected
that sha1 ;).
So we're safe against bit-errors in the inventory store, but not against
deliberate manipulation.
affects bzr
--
GPG key available at: <http://
Changed in bzr: | |
status: | Triaged → Confirmed |
tags: | added: check-for-breezy |
tags: | removed: check-for-breezy |
Changed in brz: | |
status: | New → Triaged |
importance: | Undecided → Medium |
To post a comment you must log in.
Is it enough to check the revision text against the stored inventory sha? (Rather than re-hashing the full-text at that time?)