On 06/13/2014 08:54 AM, Rocki Hack wrote: > If you trust someone and he signed the commit then you also trust his > source. That's my point, though. You don't want a core developer to miss a cleverly placed back door and just trust the word of the core developer when that back door was there in the first place because someone impersonated another developer and the core developer that was reviewing the commit had no idea. It helps to prevent a situation like this because it's hard to impersonate someone when they sign everything. ------------------------------------------------------------------------ At the time of sending this message, I have not been contacted by any government official or worker regarding my participation in CipherShed or any related project. I have not been asked to supply any information to them that may be used to impersonate me nor have I been asked to aid the government or it's officials or workers in modifying part of CipherShed or any related project. I am not aware of any of my property or anything regarding me being bugged, searched, or compromised in any way. Anything that accepts PGP encryption or signing should have been cryptographically secured with my PGP key.
Attachment:
signature.asc
Description: OpenPGP digital signature