undefined | Better HN

0 pointsthe_mitsuhiko11mo ago0 comments

I'm not really sure I follow. Can you explain the attack vector with squash signed commits today?

0 comments

I'm not trying to find an attack vector, I'm trying to find a threat model where relying on non-signed commits on master is insecure, but relying on commits signed by the github key is secure.

If you are looking at and trusting github UI/API anyway as part of your verification, then you might as well just look at the green "verified" badge without actually verifying the signature locally. At which point actually signing by the github key is just useless ceremony.

the_mitsuhikoOP11mo ago

Again, I’m not sure I understand your point. The verification is a strong attestation by GitHub how that commit came to be. Without the verification I know absolutely nothing about the authorship of the commit.

j / k navigate · click thread line to collapse

0 comments

leni53611mo ago

I'm not trying to find an attack vector, I'm trying to find a threat model where relying on non-signed commits on master is insecure, but relying on commits signed by the github key is secure.

the_mitsuhikoOP11mo ago

j / k navigate · click thread line to collapse