HEADS UP: FreeBSD src repo transitioning to git this weekend
Poul-Henning Kamp
phk at phk.freebsd.dk
Sat Jan 2 19:43:17 UTC 2021
--------
grarpamp writes:
> > No amount of cryptography can or will protect against that.
>
> Though it can help attribute that to a source,
No.
You would end up with the committer saying "it came in as a bug-report,
I looked at it, and it looked sensible so I committed it."
Unless you are going to *enforce* (how?!) that all committers only
commit patches they received under full cryptographic & biometric
custody from verified communications partners, it will always end
up being unattributable.
Even if you were able to pin the blame on a particular committer,
that person would simply cease to exist, because it was only a cover
identity to begin with.
> > As interesting as this thread has been (not!)
>
> Contrare.
> [...]
> Defense in depth.
... is a lot harder than most IT-people realize, because most
IT-people almost invariably ignore the entire human and political
aspect of the problem.
See also: "Operation Orchestra" by yours truly.
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the freebsd-current
mailing list