Re: please use signed git commits (and tags)



On 25 May 2015 at 09:33, Bastian Blank <waldi@debian.org> wrote:
> On Mon, May 25, 2015 at 09:51:41AM +0200, Thomas Koch wrote:
>> On Sunday 24 May 2015 13:02:38 Thomas Koch wrote:
>> > Git supports signing of commits since version 1.7.9. Everybody should sign
>> > git commits always.
>> There is however the argument that by signing every commit by default one may
>> accidentally publish a signature on some unverified code and somebody else may
>> trust this code because of this.
>
> Much worse, do you trust all your development machines with your private
> key?  I clearly don't, as I neither have sole control over them, nor are
> all of them located in jurisdictions I can expect any help against
> seizure.

A subkey on a smartcard / yubikey is a good defence for that. My master
key is in a safer place, and it's easy to block out a
smartcard/yubikey.

-- 
Regards,

Dimitri.

