User: Password:
|
|
Subscribe / Log in / New account

Public Git hosting - pull request in signed email

Public Git hosting - pull request in signed email

Posted Oct 28, 2011 21:16 UTC (Fri) by neilbrown (subscriber, #359)
In reply to: Public Git hosting - pull request in signed email by giraffedata
Parent article: KS2011: Kernel.org report

If someone can do DNS spoofing, or break in to my server, then Linus can have no guarantee that what he pulled is what I wanted him to pull. Adding the SHA1 of the commit can give him that guarantee.

The mail reader I use (clawsmail) verifies email signatures quite nicely, and will even fetch keys for me. I don't think it warns me when someone changes keys which is something I would like.

Even emacs/vm can check mail signing...

I assumed that the bits that were too cumbersome were the signing and verification built in to git-tag.


(Log in to post comments)


Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds