On Thu, 5 May 2016, John Crispin wrote:
>> Other than as a gee-whiz we-can-do-that, what's the actual value provided
>> by the signatures?
>
> I don't plan to get into a discussion about why signing and crypto in
> general is useful.
>
> Apart from that, it's a feature widely adopted by others, git does not
> have these features for sake of code bloat and people are asking for it
> so I believe it is worth considering.

All I'm trying to do is have the consideration be more than "sprinkle encryption
around -> something improved"

In environments where everyone is known and there is a reason to be able to
track a particular commit back to an individual, signing commits is an obvious
win.

In an environment where the vast majority of people are unknown, and any signing
they are doing involves no liability, and no assurance that the person is who
they claim to be (other than claiming to be someone who has access to that
signing key), the value of signatures is much less.

By all means consider using them. I'm just saying that the project should be
able to state why with something other than "because we can" to the question of
"why should someone bother?"

David Lang
_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev