On the security of our processes and infrastructure
Posted Sep 9, 2011 16:39 UTC (Fri) by JoeBuck
In reply to: On the security of our processes and infrastructure
Parent article: On the security of our processes and infrastructure
No, it wouldn't help. If the developer's system is compromised, the rootkit could see and intercept every action. The rootkit would simply wait for the developer to sign a commit, and then apply that signature to a different commit. The fact that the developer also had to enter a token from a smartcard or get her iris scanned is no defense if someone else owns the developer's machine.