undefined | Better HN

0 pointsleni5361y ago0 comments

I'm not trying to find an attack vector, I'm trying to find a threat model where relying on non-signed commits on master is insecure, but relying on commits signed by the github key is secure.

If you are looking at and trusting github UI/API anyway as part of your verification, then you might as well just look at the green "verified" badge without actually verifying the signature locally. At which point actually signing by the github key is just useless ceremony.

0 comments

the_mitsuhiko1y ago

Again, I’m not sure I understand your point. The verification is a strong attestation by GitHub how that commit came to be. Without the verification I know absolutely nothing about the authorship of the commit.

j / k navigate · click thread line to collapse

0 comments

the_mitsuhiko1y ago

j / k navigate · click thread line to collapse