On Thu, Jun 5, 2014 at 9:20 AM, David Stainton <dstainton...@gmail.com> wrote:
> Like you... I am also curious what the Tails devs have to say about > all this... however I suggest following the principle of least > authority/privilege! > > https://en.wikipedia.org/wiki/Principle_of_least_privilege > > Why not just use peer review + gpg signed git release tags? Are you > saying that a US hosted git repo will be able to counterfeit git > commits even if you use gpg signed git release tags?... if so then I > don't know what else to suggest. > D'oh! I've seen git signed commits for years and always though, "What a paranoid coder!" That one is *very* obvious, and thanks for setting me straight! Bill
_______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
