Hi,
after merging one more translation pull request, just by trusting the
>From header, fingers crossed that if an attacker had been spoofing
this header to game us, then the person being spoofed would notice
before any user is harmed... I'm wondering:
Would it sound crazy, too painful, or what, if we required l10n pull
requests to be OpenPGP-signed?
Notes:
* I'm only talking of the actual email requesting the merge.
I'm relying on the person requesting the merge to have checked that
the proposed diff doesn't contain anything nasty.
* Even if we don't strictly require this, perhaps translators who are
at ease with OpenPGP can start signing their pull requests
systematically? (So at least we know that an unsigned pull request
seemingly coming from them might be fishy.)
* I'm particularly concerned that this would raise the (already high)
barrier again for new translation teams, and new members of
existing teams.
* Introducing some amount of OpenPGP usage in here might be a first
step toward automating a bit the pull/merge workflow, some day.
But I can think of other ways to do that without involving OpenPGP.
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
