Hacker News new | ask | show | jobs
by giancarlostoro 678 days ago
> The one catch is that it relies on mostly trusting whoever has a commit bit.

Would the comparison not show that the person you're trusting goofed or is being malicious?
1 comments
rangerelf 678 days ago
In either case it would prompt closer examination.

If the dev goofed, then good thing it got caught.

If the dev is not trustworthy, then you have evidence of such untrustworthiness.

link