Re: [Tails-l10n] OpenPGP-signed pull requests?

Delete this message

Reply to this message
Autore: Frithjof
Data:  
To: Tails localization discussion
Oggetto: Re: [Tails-l10n] OpenPGP-signed pull requests?
Hi,

On Fri, Jun 13, 2014 at 11:34 PM, intrigeri <intrigeri@???> wrote:
> Hi,
>
> after merging one more translation pull request, just by trusting the
> From header, fingers crossed that if an attacker had been spoofing
> this header to game us, then the person being spoofed would notice
> before any user is harmed... I'm wondering:
>
> Would it sound crazy, too painful, or what, if we required l10n pull
> requests to be OpenPGP-signed?


just interested: shouldn't this be much more of a problem for the parts
of Tails that few people ever look at?

In another recent mail you mentioned PGP signed git commits,
but I haven't found anything about that in the documentation
(e.g. https://tails.boum.org/contribute/merge_policy/ doesn't mention
signed commits). Do these provide enough protection?

Cheers,
Frithjof