Re: HEADS UP: FreeBSD src repo transitioning to git this weekend

From: Poul-Henning Kamp <phk_at_phk.freebsd.dk>
Date: Sat, 02 Jan 2021 19:43:13 +0000
--------
grarpamp writes:

> > No amount of cryptography can or will protect against that.
>
> Though it can help attribute that to a source,

No.

You would end up with the committer saying "it came in as a bug-report,
I looked at it, and it looked sensible so I committed it."

Unless you are going to *enforce* (how?!) that all committers only
commit patches they received under full cryptographic & biometric
custody from verified communications partners, it will always end
up being unattributable.

Even if you were able to pin the blame on a particular committer,
that person would simply cease to exist, because it was only a cover
identity to begin with.

> > As interesting as this thread has been (not!)
>
> Contrare.
> [...]
> Defense in depth.

... is a lot harder than most IT-people realize, because most
IT-people almost invariably ignore the entire human and political
aspect of the problem.

See also:  "Operation Orchestra" by yours truly.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk_at_FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Sat Jan 02 2021 - 18:43:17 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:26 UTC