> Well, first of all, them giving you the key doesn't prove they kept it. From all I know, it is discarded, not stored.

The intelligence community has a maxim: evaluate adversaries on capabilities, not feelings. If you get the key from GitHub, they have the capability to escrow it. This violates the security model. End of story. Trust is a feeling, not an objective guarantee.

> But even if they do keep it, github owns their own platform. If they wanted to do shit with your app, they wouldn't need the key for that, they could just skip any security that required the key. At some point, you either trust github to securely host your stuff, or you don't.

Your "trusting" in this instance has no bearing on the security of the system. It is insecure by definition. The "trust" you are speaking of is the same "trust" the finance bros seek to cultivate at all costs, which is the subjective freedom from aversion to making one's resources available to them to capitalize on.

> In any case, keys are for protection from 3rd parties and an audit trail of who did what, neither of which are invalidated by github having access to their own platform.

It is invalidated. All GitHub needs is a public key. The one and only reason to have the private key is to be able to sign in the author's stead, which pops open the Pandora's box of malicious shadow modification, especially if all the infra to do so is also hosted by GitHub. The private key is forbidden knowledge. The mere fact of having it taints the ultimate intentionality of the system. If it were truly meant for security, GH would never ever see the private side of that keypair. Objective capabilities. Not feelings.
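The capability argument above, as an added illustration that is not part of the thread: a Go demo using only the standard library's Ed25519 showing that verification needs just the public key, that a retained copy of the private key signs indistinguishably from the author, and that a key whose private half never left the author cannot be signed for by anyone else. The commit-like payload, the author name and the function names are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Constructed commit-like payload (hypothetical): what the signing key covers.
var commitPayload = []byte("tree 4b825dc\nauthor Alice <alice@example.invalid>\n\nFix null deref")

// EscrowDemo models a key generated by the platform, which kept a copy of the
// private half. Returns: author signature verifies, escrow signature verifies,
// and whether a verifier could tell the two signatures apart.
func EscrowDemo() (authorOK, escrowOK, distinguishable bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return false, false, false, err }
	escrowCopy := make(ed25519.PrivateKey, len(priv)) // the platform's retained copy
	copy(escrowCopy, priv)
	sigAuthor := ed25519.Sign(priv, commitPayload)
	sigEscrow := ed25519.Sign(escrowCopy, commitPayload)
	// Verification needs only the public key; both signatures pass.
	authorOK = ed25519.Verify(pub, commitPayload, sigAuthor)
	escrowOK = ed25519.Verify(pub, commitPayload, sigEscrow)
	// Ed25519 signing is deterministic (RFC 8032): the escrow holder's signature
	// is byte-for-byte the author's, so no audit trail can attribute it.
	distinguishable = string(sigAuthor) != string(sigEscrow)
	return authorOK, escrowOK, distinguishable, nil
}

// LocalKeyDemo models the alternative: the private key never leaves the author,
// only the public half is uploaded. A party with a different private key
// cannot produce a signature that verifies under the author's public key.
func LocalKeyDemo() (forgeryVerifies bool, err error) {
	authorPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return false, err }
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader) // not the author's key
	if err != nil { return false, err }
	forged := ed25519.Sign(otherPriv, commitPayload)
	return ed25519.Verify(authorPub, commitPayload, forged), nil
}

func main() {
	a, e, d, err := EscrowDemo()
	fmt.Println("escrowed key: author", a, "escrow", e, "distinguishable", d, err)
	f, err := LocalKeyDemo()
	fmt.Println("local key: forgery verifies", f, err)
}
```

The deterministic-signature point is the one a verifier would check: with an escrowed key the signature bytes cannot tell you who held the key when it was used.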