re: git, signed commits, log verification, etc
Monotone supports a good bit of PKI within it...
http://monotone.ca/
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
On Mon, Sep 16, 2013 at 2:48 PM, zooko wrote:
> On Sun, Sep 08, 2013 at 08:28:27AM -0400, Phillip Hallam-Baker wrote:
> >
> > I think we need a different approach to source code management. Get rid of
> > user authentication completely, passwords and SSH are both a fragile
> > approach. Instea
On Sun, Sep 8, 2013 at 2:28 AM, Phillip Hallam-Baker wrote:
> This would be 'Code Transparency'.
>
> Problem is we would need to modify GIT to implement.
Git already supports signed comments. See the "-S" option to "git commit".
If you're paranoid, though, that still leaves someone getting on your
On 09/08/2013 05:28 AM, Phillip Hallam-Baker wrote:
every code update to the repository should be signed and
recorded in an append only log and the log should be public and enable any
party to audit the set of updates at any time.
This would be 'Code Transparency'.
Problem is we would need to
On Sat, Sep 07, 2013 at 07:42:33PM -1000, Tim Newsham wrote:
> Jumping in to this a little late, but:
>
> > Q: "Could the NSA be intercepting downloads of open-source
> > encryption software and silently replacing these with their own versions?"
> > A: (Schneier) Yes, I believe so.
>
> perhaps,
On Sun, Sep 8, 2013 at 1:42 AM, Tim Newsham wrote:
> Jumping in to this a little late, but:
>
> > Q: "Could the NSA be intercepting downloads of open-source
> > encryption software and silently replacing these with their own versions?"
> > A: (Schneier) Yes, I believe so.
>
> perhaps, but the