[Freedombox-discuss] FreedomBox UI in your language
Elena ``of Valhalla'' Grandi
valhalla-d at trueelena.org
Thu Dec 3 12:35:06 UTC 2015
On 2015-12-03 at 10:12:13 +0530, Sunil Mohan Adapa wrote:
> This is not too different from our relaxed policy of allowing many
> developers to write to the repository (especially on Alioth). Any of
> their machines or SSH keys could get compromised and lead to malicious
> commits to the repository, but that will be easily identified and fixed.
> We can treat Weblate as one of our developers.
Can they?
It is easy to verify that old commits haven't been rewritten, but adding
a new, harmless looking, commit in the name of some existing dev isn't
that hard, and probably likely to pass unnoticed.
http://mikegerwitz.com/papers/git-horror-story.html
--
Elena ``of Valhalla''
More information about the Freedombox-discuss
mailing list