
[Freedombox-discuss] FreedomBox UI in your language



On 12/03/2015 06:05 PM, Elena ``of Valhalla'' Grandi wrote:
> On 2015-12-03 at 10:12:13 +0530, Sunil Mohan Adapa wrote:
>> This is not too different from our relaxed policy of allowing many
>> developers to write to the repository (especially on Alioth).  Any of
>> their machines or SSH keys could get compromised and lead to malicious
>> commits to the repository, but that will be easily identified and fixed.
>>  We can treat Weblate as one of our developers.
> 
> Can they?
> 
> It is easy to verify that old commits haven't been rewritten, but adding
> a new, harmless looking, commit in the name of some existing dev isn't
> that hard, and probably likely to pass unnoticed.
> 
> http://mikegerwitz.com/papers/git-horror-story.html
> 

Thank you for sharing.  I have not read it fully yet, but signed commits
and automatic verification are something we have to do in FreedomBox (I
hope soon).

-- 
Sunil
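
One form the automatic verification discussed in this thread could take, as an added example (not part of the original messages and not FreedomBox code): it audits `git log` output so that a commit carrying an existing developer's name is accepted only when it is signed by the key bound to that author. The policy string, e-mail addresses, hashes and fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Input lines are expected in the format produced by:
#   git log --format='%H|%G?|%GF|%ae' <range>
# %G? is git's signature status (G good, N none, B bad, E cannot be checked,
# U good but unknown validity, ...), %GF the signing key fingerprint,
# %ae the claimed author e-mail.

# Constructed policy: author e-mail = fingerprint allowed to sign for it.
ALLOWED_SIGNERS='dev1@example.org=AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111 weblate@example.org=BBBB2222BBBB2222BBBB2222BBBB2222BBBB2222'

# audit_commits: read log lines on stdin and print "<hash> <reason>" for each
# commit that fails the policy. Prints nothing when every commit passes.
audit_commits() {
    awk -F'|' -v policy="$ALLOWED_SIGNERS" '
    BEGIN {
        n = split(policy, rows, " ")
        for (i = 1; i <= n; i++) {
            split(rows[i], f, "=")
            key_for[f[1]] = f[2]
        }
    }
    NF != 4          { print $1, "malformed-record"; next }
    $2 == "N"        { print $1, "unsigned"; next }
    # Anything other than a fully trusted good signature is rejected.
    $2 != "G"        { print $1, "signature-status-" $2; next }
    !($4 in key_for) { print $1, "author-not-in-policy"; next }
    # A valid signature is not enough: it must come from the key that
    # belongs to the author named in the commit.
    key_for[$4] != $3 { print $1, "signer-does-not-match-author"; next }
    '
}

# Constructed sample log: the third commit names dev1 as author but is
# signed with the key assigned to weblate@example.org.
SAMPLE_LOG='c0ffee01|G|AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111|dev1@example.org
c0ffee02|N||dev1@example.org
c0ffee03|G|BBBB2222BBBB2222BBBB2222BBBB2222BBBB2222|dev1@example.org
c0ffee04|G|BBBB2222BBBB2222BBBB2222BBBB2222BBBB2222|weblate@example.org'

printf '%s\n' "$SAMPLE_LOG" | audit_commits
```

A status of `G` depends on the verifying machine's keyring and trust settings, so the check is only as good as the set of keys imported where it runs.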
