[ciphershed] Re: Requiring GPG Signatures on Git Commits

  • From: Kyle Marek <psppsn96@xxxxxxxxx>
  • To: ciphershed@xxxxxxxxxxxxx
  • Date: Fri, 13 Jun 2014 08:59:42 -0400

On 06/13/2014 08:54 AM, Rocki Hack wrote:
> If you trust someone and he signed the commit then you also trust his
> source.
That's my point, though. You don't want a core developer to miss a
cleverly placed back door and just trust the word of the core developer
when that back door was there in the first place because someone
impersonated another developer and the core developer that was reviewing
the commit had no idea. It helps to prevent a situation like this
because it's hard to impersonate someone when they sign everything.

------------------------------------------------------------------------

    At the time of sending this message, I have not been contacted by
any government official or worker regarding my participation in
CipherShed or any related project. I have not been asked to supply any
information to them that may be used to impersonate me nor have I been
asked to aid the government or its officials or workers in modifying
part of CipherShed or any related project. I am not aware of any of my
property or anything regarding me being bugged, searched, or compromised
in any way. Anything that accepts PGP encryption or signing should have
been cryptographically secured with my PGP key.

Attachment: signature.asc
Description: OpenPGP digital signature
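
The impersonation argument in the message above can be enforced mechanically. This is an added example, not code from the poster or from the CipherShed project: a shell check over `git log` signature fields that rejects commits whose claimed author is not backed by that author's key. The `TRUSTED` map, the e-mail addresses, fingerprints and function names are all constructed for illustration, and the policy assumes each developer signs their own commits.

```shell
#!/bin/sh
# Added example. Feed it: git log --format='%H|%G?|%GF|%ae' <range>
# %G? = signature status, %GF = signing-key fingerprint, %ae = author e-mail.
# TRUSTED maps author e-mail -> fingerprint (constructed values, an assumption).
TRUSTED='alice@example.org=AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111
bob@example.org=BBBB2222BBBB2222BBBB2222BBBB2222BBBB2222'

# Constructed sample records in the format above (not real commits).
sample_log() {
    cat <<'EOF'
1111111111111111111111111111111111111111|G|AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111|alice@example.org
2222222222222222222222222222222222222222|N||alice@example.org
3333333333333333333333333333333333333333|G|BBBB2222BBBB2222BBBB2222BBBB2222BBBB2222|alice@example.org
4444444444444444444444444444444444444444|E||bob@example.org
EOF
}

# Reads records on stdin, prints one line per violation and
# returns 0 only when every commit passes both checks.
check_signed_commits() {
    rc=0
    while IFS='|' read -r hash status fpr email; do
        [ -n "$hash" ] || continue
        short=$(printf '%.8s' "$hash")
        if [ "$status" != "G" ]; then
            # Anything but G (good signature, valid key) fails: N = unsigned,
            # B = bad, E = cannot be checked, U = key validity unknown, ...
            echo "REJECT $short: signature status '$status' for $email"
            rc=1
        elif ! printf '%s\n' "$TRUSTED" | grep -qxF -e "$email=$fpr"; then
            # Valid signature, but made with a key that does not belong
            # to the claimed author.
            echo "REJECT $short: key $fpr is not registered to $email"
            rc=1
        fi
    done
    return $rc
}
```

In the sample, the second and third records both claim `alice@example.org` as author; one is unsigned and the other is validly signed with a different developer's key, and both are rejected.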
