[PATCH] build: sign tarball instead of sha256sum
David Bremner
david at tethera.net
Thu Mar 14 18:49:44 PDT 2019
Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:
> So for some existing version Y of notmuch, if an attacker takes
> notmuch-Y.tgz and notmuch-Y.tgz.asc and renames them both to
> notmuch-Z.tgz and notmuch-Z.tgz.asc, they can make it look like a new
> version (version Z) of notmuch is available! The only way to detect the
> attack is to store a log of timestamps of previous releases, and try to
> compare timestamps (though this itself can be confusing and wrong if we
> were to maintain multiple branches concurrently). This permits a
> "rollback" or "version freeze" attack, which we probably don't want to
> encourage.
OK, so apparently this is a problem for almost every project, including
GnuPG? That's mildly terrifying...
I don't mind either way, but it does seem like there is a tradeoff,
since with the previous version I suspect many people are just not
verifying the signature (e.g. can uscan in debian handle the sha256sum
scheme?).
d
More information about the notmuch
mailing list