[PATCH] build: sign tarball instead of sha256sum

David Bremner david at tethera.net
Thu Mar 14 18:49:44 PDT 2019

Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:

> So for some existing version Y of notmuch, if an attacker takes
> notmuch-Y.tgz and notmuch-Y.tgz.asc and renames them both to
> notmuch-Z.tgz and notmuch-Z.tgz.asc, they can make it look like a new
> version (version Z) of notmuch is available!  The only way to detect the
> attack is to store a log of timestamps of previous releases, and try to
> compare timestamps (though this itself can be confusing and wrong if we
> were to maintain multiple branches concurrently).  This permits a
> "rollback" or "version freeze" attack, which we probably don't want to
> encourage.

OK, so apparently this is a problem for almost every project, including
GnuPG? That's mildly terrifying...

I don't mind either way, but it does seem like there is a tradeoff,
since with the previous version I suspect many people are just not
verifying the signature (e.g. can uscan in debian handle the sha256sum


More information about the notmuch mailing list