Re: [Tails-l10n] OpenPGP-signed pull requests?

Borrar esta mensaxe

Responder a esta mensaxe
Autor: intrigeri
Data:  
Para: Tails localization discussion
Asunto: Re: [Tails-l10n] OpenPGP-signed pull requests?
Hi,

Frithjof wrote (14 Jun 2014 12:50:31 GMT) :
> just interested: shouldn't this be much more of a problem for the parts
> of Tails that few people ever look at?


Quite possibly. I am merely trying to pick a low-hanging fruit here,
and definitely not tackling the broader problem.

> In another recent mail you mentioned PGP signed git commits,
> but I haven't found anything about that in the documentation
> (e.g. https://tails.boum.org/contribute/merge_policy/ doesn't mention
> signed commits). Do these provide enough protection?


We don't use signed commits yet, and I've personally not thought it
through either, in terms of if/how it would address our threat model.
Help is welcome :)

Cheers,
--
intrigeri