[tbb-dev] A proposal for signing commits with gpg
Nicolas Vigier
boklm at mars-attacks.org
Tue Apr 28 17:09:27 UTC 2020
On Tue, 28 Apr 2020, Santiago Torres-Arias wrote:
> On Tue, Apr 28, 2020 at 05:04:25PM +0200, Nicolas Vigier wrote:
> > On Tue, 28 Apr 2020, Santiago Torres-Arias wrote:
> >
> > > On Tue, Apr 28, 2020 at 04:42:47PM +0200, Nicolas Vigier wrote:
> > > > Hi,
> > > >
> > > > Attached is a proposal for signing commits with gpg.
> > > >
> > >
> > > Hi, this sounds incredibly useful. I'd love to contribute and also
> > > bring in the usage of push certificates where applicable? Is that
> > > something that has been considered?
> >
> > I have not considered it, because I didn't know push certificates
> > existed. Do you have more details about those push certificates?
>
> Yes!
>
> I think the best introduction is the patch series itself[1]. I also
> wrote a paper outlining the types of attacks when git references aren't
> signed at [2]. I feel that the full solution outlined in the paper may
> be too costly and it's not native to git, but signed push goes a long
> way in avoiding tag replacement attacks (e.g., check this patch for
> pacman[3]).
We also do something similar to pacman when verifying git tag
signatures:
https://gitweb.torproject.org/builders/rbm.git/commit/?id=e04f03f9626e993bb66d7784d258f95ca07bc769
However for the cases where we don't use a tag (in nightly builds), it
sounds like push certificates could be useful to check that the commit
we are using was intended for the branch we use. Is it something that
we can do with push certificates?
Nicolas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20200428/74adc784/attachment.sig>
More information about the tbb-dev
mailing list