[ciphershed] Re: Decisions to be made

  • From: Bill Cox <waywardgeek@xxxxxxxxx>
  • To: ciphershed@xxxxxxxxxxxxx
  • Date: Sun, 22 Jun 2014 18:52:39 -0400

On Sun, Jun 22, 2014 at 1:34 PM, Rocki Hack <rocki.hack@xxxxxxxxx> wrote:

> I quote Linus Torvalds once again...
>
> "Well, you can (sign commits), but it's always going to be inferior to
> just adding a tag.
>
> The thing is, what is it you want to protect? The tree, the authorship,
> the committer info, the commit log, what?
>

We're protecting each set of changes pushed to GitHub.  We have to protect
them from tampering.  If I pull some of your commits which are not signed
by you, there is a real possibility that someone at GitHub is doing
something quite underhanded.  The possibilities are endless.

You do understand this simple attack, right?

Bill
