On 14/09/2021 20:02, James Bottomley wrote:
> On Mon, 2021-09-13 at 19:31 +, Marvin Häuser wrote:
> > Hey Pedro,
> >
> > Same point as before really, why would an attacker have access to
> > your SSH key but not your GPG key? This scenario leaves out the
> > possibility of an HTTPS over SSH attack, in which case a
On Mon, 2021-09-13 at 19:31 +, Marvin Häuser wrote:
> Hey Pedro,
>
> Same point as before really, why would an attacker have access to
> your SSH key but not your GPG key? This scenario leaves out the
> possibility of an HTTPS over SSH attack, in which case as a security-
> aware person you use
Hey Pedro,
Same point as before really, why would an attacker have access to your
SSH key but not your GPG key? This scenario leaves out the possibility of
an HTTPS over SSH attack, in which case as a security-aware person you
use 2FA of course ( :) ), which means this is not possible without
cr
Hi James, Marvin,
Interesting points of view.
I still have a question though: If any part of the process got
compromised (maintainer, or in the worst case scenario, the repo
itself), is there anything that could be done
in order to assess the damage? I'd say signing could help establish
trust in a
Hey,
Just my 2 cents...
Contributors: Git's stance is the author doesn't really matter as long
as the code is acceptable. For most people, you will not know them
anyway and it does not buy you much to know they own GitHub account XY.
If someone is impersonating a maintainer (who would push th
On Sat, 2021-09-11 at 19:25 +0100, Pedro Falcato wrote:
> Hi everyone,
>
> Yesterday, when pushing my first commits to edk2-platforms (as the
> Ext4Pkg maintainer), I noticed that my commits (see 7872c98 and
> 71f3343) stick out like a sore thumb, as I have GPG signing on my
> commits on by defaul
Hi everyone,
Yesterday, when pushing my first commits to edk2-platforms (as the
Ext4Pkg maintainer), I noticed that my commits (see 7872c98 and
71f3343) stick out like a sore thumb, as I have GPG signing on my
commits on by default (see git config commit.gpgsign), globally across
all my projects.