On 25 May 2015 at 09:33, Bastian Blank <wa...@debian.org> wrote:
> On Mon, May 25, 2015 at 09:51:41AM +0200, Thomas Koch wrote:
>> On Sunday 24 May 2015 13:02:38 Thomas Koch wrote:
>> > Git supports signing of commits since version 1.7.9. Everybody should sign
>> > git commits always.
>> There is however the argument that by signing every commit by default one may
>> accidentally publish a signature on some unverified code and somebody else may
>> trust this code because of this.
>
> Much worse, do you trust all your development machines with your private
> key? I clearly don't, as I neither have sole control over them, nor are
> all of them located in jurisdictions I can expect any help against
> seizure.

A subkey on a smartcard / YubiKey is a good defence for that. My master key
is in a safer place, and it's easy to block out a smartcard/YubiKey.

--
Regards,

Dimitri.