On Tue, Apr 2, 2024 at 9:43 PM Rowan Tommins [IMSoP] <imsop....@rwec.co.uk> wrote:
>
> Similarly, if you discover a compromised key or signing account, you can look
> for uses of that key or account, which might be a tiny number from a non-core
> contributor; if you discover a compromised account pushing unsigned commits,
> you have to audit every commit in the repository.

Right, that and what Jakub mentioned are fair arguments.

> I agree it's not a complete solution, but no security measure is; it's always
> about reducing the attack surface or limiting the damage.

Right. That was the original intention of my e-mail: to point out that we might also want to consider other mitigations. Not that we shouldn't do commit signing.

Ilija