[Cryptech Core] git, again

Fredrik Thulin fredrik at thulin.net
Mon Jan 13 08:19:52 UTC 2014


On Monday 13 January 2014 11.44.15 Василий Долматов wrote:
> On 13 Jan 2014, at 11:17, Rob Austein <sra at hactrn.net> wrote:
> > At Mon, 13 Jan 2014 15:59:02 +0900, Randy Bush wrote:
> >>> - Don't attempt to automate enforcement of the signed commit policy,
> >> 
> >> why not?
> > 
> > Good to have, not critical path, or so went the thinking, such as it was.
> 
> Agree, not a critical path.
> 
> Once again, when implementing security measures it is necessary to start from
> a threat model. Otherwise it becomes «Security Theatre» (c)

IMO it would lessen the impact of a repository server compromise because 
commits could not be forged from there.

It would also give us much more to work with if/when the repository server 
and/or a committer's workstation has been compromised.

I vote for signed commits, and also trying to automate enforcement. We also 
need client side verification of commit signatures when we pull from the 
repository server.

/Fredrik
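
Added example, not part of the original message or of Cryptech's tooling: one way to do the client-side check mentioned above, by reading git's per-commit signature status (`%G?`) for everything a pull would bring in and refusing to merge unless every commit verifies. The function names and the ALLOW_UNTRUSTED switch are assumptions, and committer public keys are assumed to be in the local GnuPG keyring.

```shell
#!/bin/sh
# Added example (hypothetical helper names). git's %G? placeholder prints one
# status letter per commit: G good, U good but key validity unknown,
# X/Y expired signature or key, R revoked key, B bad signature,
# E cannot be checked (e.g. missing public key), N no signature.

# Read "<hash> <status>" lines on stdin and print every commit that fails
# the policy. Exit status 0 only if all commits pass.
# ALLOW_UNTRUSTED=1 (assumed switch) also accepts status U.
filter_unverified() (
    bad=0
    while read -r hash status; do
        [ -n "$hash" ] || continue            # skip blank lines
        case "$status" in
            G) ;;
            U) [ "${ALLOW_UNTRUSTED:-0}" = 1 ] || { echo "$hash $status"; bad=1; } ;;
            *) echo "$hash ${status:-?}"; bad=1 ;;
        esac
    done
    exit "$bad"
)

# Fetch, check every incoming commit (HEAD..upstream), then fast-forward.
verify_incoming() (
    upstream=$1
    [ -n "$upstream" ] || upstream='@{upstream}'
    git fetch --quiet || exit 2
    list=$(git log --format='%H %G?' "HEAD..$upstream") || exit 2
    if printf '%s\n' "$list" | filter_unverified; then
        git merge --ff-only "$upstream"
    else
        echo "refusing to merge: commits listed above lack a good signature" >&2
        exit 1
    fi
)

# Run as: sh verify-pull.sh pull [upstream-ref]
case "${1:-}" in
    pull) verify_incoming "${2:-}" ;;
esac
```

git's built-in `git merge --verify-signatures` checks only the tip commit of the branch being merged; the range check above covers every incoming commit.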



