On 10/25/2017 04:29 PM, Emmanuel Charpentier wrote: > Ouch ! The security proble so well explained by William turns out to be > a much larger "social" problem... > > Worth atacking ? >
Not really... you can get commit access to sage.git by asking nicely. Ultimately, HTTPS is pointless unless you're trying to get the right file, and a signature on the file is pointless unless you trust the people doing the signing. Nobody is reading most of the code that gets committed, so the best assurance we can get with crypto is "somebody wrote some code and this is the code that they wrote." Namely, the same assurance you get without all the hoops. -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To post to this group, send email to sage-devel@googlegroups.com. Visit this group at https://groups.google.com/group/sage-devel. For more options, visit https://groups.google.com/d/optout.