提交签名可以解决什么问题或威胁? [英] What problem or threat does commit signing solve?
问题描述
我们使用GitHub,并且有一个请求执行提交签名.在研究了过程之后,我不清楚提交签名解决了什么问题.据我了解的过程,有本地源代码" 被提交到本地存储库" ,并被推送到远程存储库" .因此,有三个框和两个箭头创建从本地源文件到远程存储库的有向图.对于最终用户,流程是相反的.
We use GitHub and we have a request to perform commit signing. After studying the process, it's not clear to me what problem commit signing solves. As I understand the process, there's "local source code" that gets committed to a "local repo" that gets pushed to a "remote repo". So there are three boxes, and two arrows creating a directed graph from the local source files to the remote repository. For the end user, the flows are reversed.
在所描述的模型中,似乎我们希望授权在推送到远程仓库时发生;和提交签名几乎没有任何好处.
In the model as described, it seems like we want the authorizations to occur at the push to the remote repo; and commit signings have nearly no benefit.
Git SCM手册, 7.4 Git工具-签名您的作品未说明要解决的问题.它确实告诉我寻找答案,但是:
The Git SCM manual, 7.4 Git Tools - Signing Your Work does not state the problem it is solving. It does tell me to hunt for the answer, however:
每个人都必须签名
Everyone Must Sign
签名标记和提交很棒,但是如果您决定在 您的正常工作流程,必须确保您的每个人 团队知道该怎么做.如果不这样做,最终将花费 很多时间帮助人们弄清楚如何重写自己的提交 带有签名版本.确保您了解GPG及其优势 在将其作为标准工作流程的一部分之前,先进行签名.
Signing tags and commits is great, but if you decide to use this in your normal workflow, you’ll have to make sure that everyone on your team understands how to do so. If you don’t, you’ll end up spending a lot of time helping people figure out how to rewrite their commits with signed versions. Make sure you understand GPG and the benefits of signing things before adopting this as part of your standard workflow.
我假设Git工程师已经对Git工作流程进行了建模.他们确定了一个问题(或多个问题),并放置了提交签名" 安全控制措施来进行补救.我想知道他们使用提交签名" 识别并解决了哪些问题.
I'm presuming the Git engineers have modeled the Git workflows. They identified a problem (or problems), and they placed the "commit signing" security control to remediate it. I'd like to know what problems they identified and solved with "commit signing".
我认为发生了什么事,人们正在混淆/混淆通过授权进行身份验证或代码完整性.不幸的是,尽管愿意这样做,但 并不是授权或代码完整性.
I think what has happened is folks are confusing/conflating Authentication with Authorization or maybe Code Integrity. Unfortunately, Authentication is not Authorization or Code Integrity despite the willingness to make it so.
git commit签名可以解决什么问题?
What problem does git commit signing solve?
推荐答案
提交签名所解决的问题与对文档进行数字签名所解决的问题相同:验证其作者的问题.
The problem that commit signing solves is the same problem that digitally signing a document solves: the problem of verifying its author.
由于只有作者拥有自己的私钥,因此只有他们才能自己签署提交.
Since only the author has their private key, only they can sign the commit as themselves.
如果我信任特定的提交者,并且他们已经签署了提交,则我可以信任他们的代码,而不必手动验证每一行.
If I trust an particular comitter and they have signed their commit, I can trust their code without necessarily hand-verifying every line.
请考虑以下情况:有人在github上分叉了您的存储库,然后添加了一堆提交,这为您的代码引入了安全漏洞.他们使用元组author name, author email, commit name, commit email设置为原始作者之一进行了这些提交.
Consider the case where someone forked your repository on github and then added a bunch of commits which introduced security vulnerabilities to your code. They made these commits with the tuple author name, author email, commit name, commit email set to one of the original authors.
没有提交签名,就无法验证他们不是原始作者.
Without commit signing, there is no way to verify that they are not the original author.
使用提交签名,由于伪造者没有作者的私钥,因此无法对这些伪造的提交进行签名.
With commit signing, these forged commits cannot be signed because the forger does not have the author's private key.
这篇关于提交签名可以解决什么问题或威胁?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
