A set of ideas pertaining to cryptographic validation of Git release branches and artifacts: https://gist.github.com/djspiewak/a6cef156708c6a95906d …
@djspiewak @puffnfresh we should definitely move away from SHA1, but the attacks are entirely hypothetical at this point
@bascule @puffnfresh Even beyond hypothetical attacks, signing the directory is very nice since it narrows the scope of detection.
@bascule @puffnfresh If a file is altered, Git signing detects it at the tree level. Directory signing can detect the file.
@bascule @puffnfresh So from a future-proofing strategy, it’s more secure in a paranoid world. And in the now, it’s more informative.
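
The per-file localization described in the tweets above, as an added example that is not part of the thread or the linked gist: a manifest of per-file SHA-256 digests is authenticated once, and verification names the exact paths that changed. The function names, the demo key and the sample files are constructed for illustration, and HMAC-SHA256 stands in for a real signature (for example GPG) so the block runs offline.

```python
import hashlib, hmac, json, os, tempfile

DEMO_KEY = b"constructed-demo-key"  # assumption: stand-in for a real signing key

def build_manifest(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def sign_manifest(manifest, key=DEMO_KEY):
    """Authenticate the canonical JSON form of the manifest (HMAC as a stand-in)."""
    payload = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def verify_directory(root, manifest, tag, key=DEMO_KEY):
    """Return (altered, missing, unexpected) path lists; reject a forged manifest."""
    if not hmac.compare_digest(sign_manifest(manifest, key), tag):
        raise ValueError("manifest authentication failed")
    current = build_manifest(root)
    altered = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in current)
    unexpected = sorted(p for p in current if p not in manifest)
    return altered, missing, unexpected

def demo():
    """Sign a constructed release directory, alter one file, report what changed."""
    files = {"README": b"release 1.0\n", "lib/core.py": b"print('ok')\n",
             "lib/util.py": b"X = 1\n"}  # constructed sample content
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "lib"))
        for rel, data in files.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        manifest = build_manifest(root)
        tag = sign_manifest(manifest)
        with open(os.path.join(root, "lib/util.py"), "wb") as fh:
            fh.write(b"X = 2\n")  # post-signing modification
        return manifest, tag, verify_directory(root, manifest, tag)

if __name__ == "__main__":
    print(demo()[2])
```
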