[Cryptech Core] git, again

Василий Долматов dol at reedcat.net
Mon Jan 13 07:44:15 UTC 2014


On 13 Jan 2014, at 11:17, Rob Austein <sra at hactrn.net> wrote:

> At Mon, 13 Jan 2014 15:59:02 +0900, Randy Bush wrote:
>> 
>>> - Don't attempt to automate enforcement of the signed commit policy,
>> 
>> why not?
> 
> Good to have, not critical path, or so went the thinking, such as it was.

Agree, not a critical path.

Once again, when implementing security measures it is necessary to start from a threat model. Otherwise it becomes «Security Theatre» (c)

I now cannot imagine why a key used for signing commits will be more secure than the ssh key used to get access to the repository under a given username.
I equally cannot see a crucial difference between https and ssh access, demanding the presence of the latter one.

dol@




