Re: [Tails-dev] Secure development process?

Delete this message

Reply to this message
Author: Bill Cox
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Secure development process?
On Thu, Jun 5, 2014 at 9:20 AM, David Stainton <dstainton415@???>
wrote:

> Like you... I am also curious what the Tails devs have to say about
> all this... however I suggest following the principle of least
> authority/privilege!
>
> https://en.wikipedia.org/wiki/Principle_of_least_privilege
>
> Why not just use peer review + gpg signed git release tags? Are you
> saying that a US hosted git repo will be able to counterfeit git
> commits even if you use gpg signed git release tags?... if so then I
> don't know what else to suggest.
>


D'oh! I've seen git signed commits for years and always though, "What a
paranoid coder!" That one is *very* obvious, and thanks for setting me
straight!

Bill