[Cryptography] MITM source patching [was Schneier got spooked]
Tim Newsham
tim.newsham at gmail.com
Sun Sep 8 13:47:37 EDT 2013
On Sun, Sep 8, 2013 at 2:28 AM, Phillip Hallam-Baker <hallam at gmail.com> wrote:
> This would be 'Code Transparency'.
>
> Problem is we would need to modify GIT to implement.
Git already supports signed comments. See the "-S" option to "git commit.
If you're paranoid, though, that still leaves someone getting on your
dev box and slipping in a small patch into code you're about to commit, or
just using your pgp keys themselves...
Next problems -- getting the right key to verify against. Knowing what sets
of keys are allowed to sign for a particular project.
> Website: http://hallambaker.com/
--
Tim Newsham | www.thenewsh.com/~newsham | @newshtwit | thenewsh.blogspot.com
More information about the cryptography
mailing list