Author: grarpamp 2013-04-03 15:52:49
Published on: 2013-04-03T15:52:49+00:00
The author of a post is discussing the importance of reading code when acknowledging it. They mention that signing commits, like in the Linux kernel, is important but reading the code is even more crucial. The author also wonders if there is a possibility for a race to occur just before they click "pull" where someone could sneakily rebase the branch to something evil. In response to this concern, the author suggests looking into monotone.ca, which integrates crypto and review primitives into the workflow and has reliable network distribution models that work well over things like Tor. They note that once you have the crypto, the human risk factors such as rogue, password, and cracks become harder to deal with.
Updated on: 2023-06-06T11:30:47.262507+00:00