When we use the tag_gpg_id option, rbm will check that a tag is gpg signed. However it does not check that the tag object contains the expected tag name, and git does not check that either. As discussed in legacy/trac#30479 (moved), this can allow rollback attacks.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Child items
...
Show closed items
Linked items
0
Link issues together to show that they're related.
Learn more.
is assuming that the first such line showing up is the one we want and an attacker can't get to enter fake tag lines (like they can do with a commit message) before that? If so, could we add a comment here?
s/helping fix/helping to fix/
Otherwise this looks good to me.
Trac: Status: needs_review to needs_revision Keywords: TorBrowserTeam201905R deleted, TorBrowserTeam201905 added
}}}
is assuming that the first such line showing up is the one we want and an attacker can't get to enter fake tag lines (like they can do with a commit message) before that? If so, could we add a comment here?
Looks good now, thanks. Merged to rbm's master (commit e04f03f9) and bumped version we use in tor-browser-build on master(commit 7526dc507738c0816d84e0746b041867e2b35f90) and maint-8.5 (commit 018ff64dc7fc5542dd8bca6621e2d86bd8ea06fd).