httpd-dev mailing list archives

From Paul Querna <>
Subject Re: Integrity of Apache source code
Date Fri, 21 Dec 2007 21:40:32 GMT
Nikolas Coukouma wrote:
> Ian Holsman wrote:
>> While open source is fantastic, and provides highly visible means.
>> It can still be hacked.
>> I can describe what has happened in this case:
>> 1. joe hacker hacks one of the 'open source groups' machines.
>> at this point he is assumed to have access to the source code repository.
> (snip)
>> b. he modifies the source code in the repository directly and in a
>> manner that doesn't generate an email/commit message.
>> when something like this occurs ( I'm not even sure if it is possible
>> in SVN, but I think it was in CVS) then the next time one of the core
>> developers updates their version of the code they will see the code has
>> been changed...
> Assuming write access, you can modify REPO/hooks/post-commit.tmpl or
> whatever other hook you want to tamper with.

You can't so easily do that with  The SVN repository is
on a completely different machine than, where
committers have shell access.

Only a few ASF members have access to, and even fewer
have root access.

