Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I thought git itself provides authentication and integrity? In fact, if someone modifies the history of a branch that will raise all sorts of red flags the next time a legitimate user pushes.


Not modifying stuff on disk outside git, but using substituted keys to masquerade as a legitimate user and contribute evil code. It leaves an audit trail, but means you need to audit all contributes even those ostensibly from project owners.


Not really. If you make a new commit on top of the history, then nobody will notice unless you sign every commit (which i don't think is common practice).

Only modifying (existing) history will cause git to complain.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: