grarpamp [ARCHIVE] on Nostr:
Original date posted: 2013-04-03
Original message:
>> gpg signing commits, like the Linux kernel
> Though, honestly, when I ACK that means I read the code, which is more
> important than the author really. github seems fine for that still,
> though I do wonder if there is a race possible,
>
> * just before I click "pull", sneak rebases the branch to something evil

You might want to look at http://www.monotone.ca/, it does a good job
of integrating crypto and review primitives into the workflow.
It also has some reliable network distribution models (netsync) that work
well over things like Tor, in case a new developer (or old Satoshi) doesn't
wish to be in the public light.

http://www.monotone.ca/monotone.html

Once you have the crypto, it always boils down to human risk factors,
rogue, password, cracks, etc which are harder.

Published at 2023-06-07 11:43:00