Kevin Fenzi wrote:
> On Fri, Sep 16, 2022 at 10:03:35AM +0200, Vít Ondruch wrote:
> > Isn't peer review a much better and easier solution overall? We could also
> > require signed commits I guess.
>
> I think it would slow things down quite a lot to require peer review of
> every commit.
>
> I'd personally like to avoid anything where we need to support gpg.
> It's a mess and I think it would waste a lot of cycles explaining how to
> use it or help people get set up. ;( If there's some easier/more clear
> way to sign things that could be an option tho.

Since git-2.34 (released in November of last year), ssh may
be used for signing commits and/or pushes. That's likely a
bit simpler than gpg.

On the other hand, if it's cached by ssh-agent and/or uses
the same key used to connect to dist-git, it might not add
as much to the security as we might want.

But it may be an option, in case it spurs anyone to come up
with a change which improves security and doesn't add too
much additional burden.

You mentioned ecdsa-sk / ed25519-sk FIDO authenticator
algorithms earlier. Git ssh-signed commit/push might be
useful if/when other parts of our infrastructure can make
use of those key types.

--
Todd
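
The ssh signing setup discussed in this message, shown as a git configuration fragment. This is an added example, not part of the original thread or any Fedora configuration. The key path and the allowed-signers path are assumptions; the key is deliberately a separate one from the key used to authenticate to dist-git, which addresses the shared-key concern raised above.

```ini
# ~/.gitconfig (ssh signing needs git >= 2.34)

[gpg]
    # Use ssh keys instead of OpenPGP for signatures
    format = ssh

[user]
    # Assumed path: a key created only for signing, not the one used to
    # connect to dist-git, so the authentication key cannot also sign.
    # An ed25519-sk (FIDO) public key can be referenced here in the same way.
    signingkey = ~/.ssh/id_ed25519_signing.pub

[gpg "ssh"]
    # Assumed path. Consulted by `git verify-commit` and
    # `git log --show-signature`. Each line of the file has the form:
    #   <principal> namespaces="git" <key type> <base64 public key>
    allowedSignersFile = ~/.config/git/allowed_signers

[commit]
    # Sign every commit without needing `git commit -S`
    gpgsign = true

[tag]
    gpgsign = true

[push]
    # Sign pushes when the server advertises support for signed pushes
    gpgsign = if-asked
```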