
I don't think DVCS would have helped in any way. It's not the repository server itself that was compromised, AFAIK, but "only" the web interface. This allows password recovery and thus allows people to e.g. make malicious commits from a trusted account, but that would be no less true if there were a DVCS under it all.



Agreed, but my question still stands. Take SVN, for instance: if I managed to hack into an SVN server, could I change the source code (under SVN management) in a way that would be undetectable?

Repeat the same question for Git, Mercurial and CVS.


For CVS and svn: you can hide it until someone actually looks at the relevant code. For git: not really (as long as you assume you change only the data; clever attackers could serve one repository to the developers and another to .mil/the rest of the world/...). I don't know about Mercurial, but I'd wager it's the same as git in this respect.

In either case, an attacker could add arbitrary commits, and the system administrator would roll back to the last known-good backup as soon as the compromise was detected. I don't think DVCSes help much here.


For CVS and svn: you can hide it until someone actually looks at the relevant code. For git: not really

I don't think DVCSes help much here.

Those statements sound contradictory. Let me try to understand: the distributed aspects of DVCSes would not have helped here, but the incidental fact of checksums in DVCSes (maybe necessitated by the nature of "distributed") does help. Right?


Not all that much. If I hack your SVN repository, I put something like "if ($password == "1337h4xx0r") $admin = 1" into an old revision and hope you don't notice it when inspecting code. If I hack your git repository, I make a commit with text "spelling fix: invole -> involve" and slip in something like the above. Yes, it's a bit easier to detect, but not all that much - most such breaches seem to be found by system administrators before the developers notice them. (The kernel.org source code breach was detected because some mirror failed to line up with the main repository, for instance)

Of course, a smart hacker would do something less obvious. See the obfuscated C contest for inspiration.

And again, this assumes that I do not have any other access. In reality, I could change your $PATH to invoke a trojaned git binary, or some such.
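The two cases the thread distinguishes (silently rewriting an old revision versus adding a well-formed commit with an innocuous message) can be made concrete with a small model of git's content-addressed object store. The following is an added example and not code from the thread or from git itself: it names objects exactly as git does, as the SHA-1 of "type, length, NUL, payload", but the tree and commit payloads use a simplified text layout (an assumption for readability; real git trees are binary), so the hashes will not match a real repository. The file names, contents and commit messages are constructed sample data. In-place edits to a stored object are caught by re-hashing every object from a trusted ref (the kind of check `git fsck`, or any clone that rehashes what it receives, performs), which is what svn and CVS lack. A new commit that merely lies in its message passes that check and is only found by reading its diff.

```python
import hashlib
from typing import Dict, List, Optional, Tuple

# Constructed, simplified model of git's content-addressed object store (an
# added example, not the thread's or git's code). Objects are named like git
# names them: sha1("<type> <len>\0<payload>"). Tree/commit payloads use a
# simplified text layout (assumption; real git trees are binary).


def git_hash(obj_type: str, payload: bytes) -> str:
    """Name an object the way git does: sha1 over a type/length header + payload."""
    return hashlib.sha1(f"{obj_type} {len(payload)}\0".encode() + payload).hexdigest()


class ObjectStore:
    def __init__(self) -> None:
        self.objects: Dict[str, Tuple[str, bytes]] = {}

    def put(self, obj_type: str, payload: bytes) -> str:
        sha = git_hash(obj_type, payload)
        self.objects[sha] = (obj_type, payload)
        return sha

    def get(self, sha: str) -> Tuple[str, bytes]:
        return self.objects[sha]


def commit_files(store: ObjectStore, files: Dict[str, bytes],
                 parent: Optional[str], message: str) -> str:
    """Write blobs, one flat tree and a commit; return the commit sha."""
    entries = [f"blob {store.put('blob', files[n])}\t{n}" for n in sorted(files)]
    tree = store.put("tree", "\n".join(entries).encode())
    parent_line = f"parent {parent}\n" if parent else ""
    return store.put("commit", f"tree {tree}\n{parent_line}\n{message}".encode())


def tree_entries(store: ObjectStore, tree_sha: str) -> Dict[str, str]:
    """Map file name -> blob sha for a flat tree."""
    out: Dict[str, str] = {}
    for line in store.get(tree_sha)[1].decode().splitlines():
        kind_sha, name = line.split("\t")
        out[name] = kind_sha.split(" ")[1]
    return out


def parse_commit(store: ObjectStore, sha: str) -> Tuple[str, Optional[str], str]:
    header, _, message = store.get(sha)[1].decode().partition("\n\n")
    tree, parent = "", None
    for line in header.splitlines():
        key, _, value = line.partition(" ")
        if key == "tree":
            tree = value
        elif key == "parent":
            parent = value
    return tree, parent, message


def verify_history(store: ObjectStore, head: str) -> List[str]:
    """Walk the commit chain from a trusted ref, recomputing every object's hash
    from its stored payload. Returns shas whose content no longer matches their
    name: an in-place edit of any old blob, tree or commit shows up here."""
    bad: List[str] = []
    seen = set()

    def check(sha: str) -> None:
        if sha in seen:
            return
        seen.add(sha)
        obj_type, payload = store.get(sha)
        if git_hash(obj_type, payload) != sha:
            bad.append(sha)

    cur: Optional[str] = head
    while cur is not None:
        check(cur)
        tree, parent, _ = parse_commit(store, cur)
        check(tree)
        for blob in tree_entries(store, tree).values():
            check(blob)
        cur = parent
    return bad


def added_lines(store: ObjectStore, sha: str) -> List[Tuple[str, str]]:
    """Lines in a commit's files that its parent lacks (a crude diff, enough to
    show what a 'spelling fix' really introduced)."""
    tree, parent, _ = parse_commit(store, sha)
    new = tree_entries(store, tree)
    old = tree_entries(store, parse_commit(store, parent)[0]) if parent else {}
    result: List[Tuple[str, str]] = []
    for name, blob in new.items():
        new_lines = store.get(blob)[1].decode().splitlines()
        old_lines = store.get(old[name])[1].decode().splitlines() if name in old else []
        result.extend((name, l) for l in new_lines if l not in old_lines)
    return result


# Constructed sample data: one file, clean and with the thread's backdoor line.
CLEAN = b"<?php\n$admin = 0;\n"
BACKDOORED = b'<?php\n$admin = 0;\nif ($password == "1337h4xx0r") $admin = 1;\n'


def build_repo() -> Tuple[ObjectStore, str]:
    store = ObjectStore()
    return store, commit_files(store, {"auth.php": CLEAN}, None, "initial import")


def tamper_old_revision(store: ObjectStore, head: str) -> str:
    """Attacker with server access overwrites an existing blob in place, keeping
    its name (what one could do silently to an old svn revision). Returns its sha."""
    blob = tree_entries(store, parse_commit(store, head)[0])["auth.php"]
    store.objects[blob] = ("blob", BACKDOORED)
    return blob


def sneaky_commit(store: ObjectStore, parent: str) -> str:
    """Attacker instead appends a well-formed commit with an innocuous message."""
    return commit_files(store, {"auth.php": BACKDOORED}, parent,
                        "spelling fix: invole -> involve")


if __name__ == "__main__":
    store, head = build_repo()
    tamper_old_revision(store, head)
    print("in-place edit, corrupt objects:", verify_history(store, head))
    store, head = build_repo()
    head2 = sneaky_commit(store, head)
    print("new commit, corrupt objects:", verify_history(store, head2))
    print("lines the 'spelling fix' actually adds:", added_lines(store, head2))
```

Note that `verify_history` only proves the objects match their names; it says nothing about whether the ref itself is the one developers expect. That is why the mirror-versus-origin comparison mentioned above (and signed tags, which bind a ref to a key) are what catch a server that serves different histories to different clients, while the trojaned-binary case defeats any check run on the compromised host.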



