[146848] in cryptography@c2.net mail archive
Re: [Cryptography] MITM source patching [was Schneier got spooked]
daemon@ATHENA.MIT.EDU (Tim Newsham)
Sun Sep 8 15:33:26 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <CAMm+LwhmjKLdmME_5zQ7Zfggoww3ChJ=z95jEOdg-GZWzzBHYQ@mail.gmail.com>
Date: Sun, 8 Sep 2013 07:47:37 -1000
From: Tim Newsham <tim.newsham@gmail.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Sun, Sep 8, 2013 at 2:28 AM, Phillip Hallam-Baker <hallam@gmail.com> wrote:
> This would be 'Code Transparency'.
>
> Problem is we would need to modify GIT to implement.
Git already supports signed comments. See the "-S" option to "git commit.
If you're paranoid, though, that still leaves someone getting on your
dev box and slipping in a small patch into code you're about to commit, or
just using your pgp keys themselves...
Next problems -- getting the right key to verify against. Knowing what sets
of keys are allowed to sign for a particular project.
> Website: http://hallambaker.com/
--
Tim Newsham | www.thenewsh.com/~newsham | @newshtwit | thenewsh.blogspot.com
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
