Re: [Tails-l10n] OpenPGP-signed pull requests?

Poista viesti

Vastaa
Lähettäjä: intrigeri
Päiväys:  
Vastaanottaja: Tails localization discussion
Aihe: Re: [Tails-l10n] OpenPGP-signed pull requests?
Hi,

Frithjof wrote (14 Jun 2014 12:50:31 GMT) :
> just interested: shouldn't this be much more of a problem for the parts
> of Tails that few people ever look at?


Quite possibly. I am merely trying to pick a low-hanging fruit here,
and definitely not tackling the broader problem.

> In another recent mail you mentioned PGP signed git commits,
> but I haven't found anything about that in the documentation
> (e.g. https://tails.boum.org/contribute/merge_policy/ doesn't mention
> signed commits). Do these provide enough protection?


We don't use signed commits yet, and I've personally not thought it
through either, in terms of if/how it would address our threat model.
Help is welcome :)

Cheers,
--
intrigeri