|
|
|
|
|
|
by zbentley
376 days ago
|
|
|
Setting aside malicious government employees, the authN part of this seems like something for which technical solutions exist. Governments could operate PKI trusts and link their employees’ development credentials (in the US, this would be a PIV card or something like it) to that certificate chain. Commits, or committer identity, could be signed via that chain. The dual security of “physical/secure individual credential signing via an available-on-internal-government-network-only authority”, with a public authority available for validation, seems like it would be so secure as to be … close enough for government work. |
|
|