Hi,
Frithjof wrote (14 Jun 2014 12:50:31 GMT) :
> just interested: shouldn't this be much more of a problem for the parts
> of Tails that few people ever look at?
Quite possibly. I am merely trying to pick a low-hanging fruit here,
and definitely not tackling the broader problem.
> In another recent mail you mentioned PGP signed git commits,
> but I haven't found anything about that in the documentation
> (e.g. https://tails.boum.org/contribute/merge_policy/ doesn't mention
> signed commits). Do these provide enough protection?
We don't use signed commits yet, and I've personally not thought it
through either, in terms of if/how it would address our threat model.
Help is welcome :)
Cheers,
--
intrigeri