Tom Lord writes “Recent security problems at GNU Savannah, Debian, and in the linux kernel project raised the question: when projects store their revision control repositories on the network, and the hosts are compromised, might malicious code be quietly inserted into our shared source code resources?
In response to this newly urgent risk, the GNU arch project (one of several projects aiming to replace good ‘ol CVS) has made a development release, called tla-1.2pre0, which includes features for the cryptographic signing and verification of committed revisions. We invite the community to help us review the new design and code.
You can learn about GNU arch and the new features at http://arch.quackerhead.com/~lord“
Link: arch.quackerhead.com
Category:
- Free Software
