by schmuelio 1291 days ago
> unlike, e.g., “signing git commits with a yubikey”, which nobody cares enough about to attack

I'm not so sure about this one; there's plenty of damage you could do if you were a malicious actor who could send trusted commits to a git repo. Especially if said repo were for some important software (like Linux, wget, glibc, etc.; I know they're not necessarily on public repos, but we're assuming at least somewhat targeted attacks here).