[Cryptography] MITM source patching [was Schneier got spooked]

Tim Newsham tim.newsham at gmail.com
Sun Sep 8 13:47:37 EDT 2013

On Sun, Sep 8, 2013 at 2:28 AM, Phillip Hallam-Baker <hallam at gmail.com> wrote:
> This would be 'Code Transparency'.
> Problem is we would need to modify GIT to implement.

Git already supports signed comments. See the "-S" option to "git commit.
If you're paranoid, though, that still leaves someone getting on your
dev box and slipping in a small patch into code you're about to commit, or
just using your pgp keys themselves...

Next problems -- getting the right key to verify against.  Knowing what sets
of keys are allowed to sign for a particular project.

> Website: http://hallambaker.com/

Tim Newsham | www.thenewsh.com/~newsham | @newshtwit | thenewsh.blogspot.com

More information about the cryptography mailing list