Closed protocolpolice closed 3 months ago
Bruh, WTF?
hey Ben,
whats up ?
i've missed the start ;)
rob
Op 15-04-2024 15:31 EDT schreef Ben Peachey @.***>:
Bruh, WTF?
— Reply to this email directly, view it on GitHub https://github.com/MinBZK/nl-wallet/issues/6#issuecomment-2057655119, or unsubscribe https://github.com/notifications/unsubscribe-auth/A34CHHHIOBDYKBXNOIP3QDTY5QTITAVCNFSM6AAAAAA2G4NWAOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANJXGY2TKMJRHE. You are receiving this because you authored the thread.Message ID: @.***>
Without further context the ticket body is significantly nonsensical.
Signing commits is common practice, GPG a common enough mechanism. SSH might be used, but what has any of this to do with letting "the content of the code" speak for itself?
The mind boggles. :face_with_spiral_eyes:
..lol
the magic doesn't happen in the signing, it's what the code does ( ..or doesn't in the wallet's case )
you're looking at it from a dev or enduser viewpoint, the attackers won't
there's an elephant in the room, digital currency, sidetrack on collision course
Op 17-04-2024 04:26 EDT schreef Ben Peachey @.***>:
Without further context the ticket significantly nonsensical.
Signing commits is common practice, GPG a common enough mechanism. SSH might be used, but what has any of this to do with letting "the content of the code" speak for itself?
The mind boggles. 😵
— Reply to this email directly, view it on GitHub https://github.com/MinBZK/nl-wallet/issues/6#issuecomment-2060691345, or unsubscribe https://github.com/notifications/unsubscribe-auth/A34CHHGXXEZQMNBDG3GWTVLY5YW2PAVCNFSM6AAAAAA2G4NWAOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANRQGY4TCMZUGU. You are receiving this because you authored the thread.Message ID: @.***>
I'm afraid I don't fully understand your question. This project uses GPG-signed commits in the private version of this repository (which is synced to the public repository roughly every three weeks) to maintain an audit log about who added which who code. We settled on GPG because at the time, SSH-key signed commits were not available yet; they were introduced a few months later.
Feel free to reopen if you have another question.
line: 107 "all commits should be signed using a GPG key"
question: why care and [exclude] non-pgp, the content of the code speaks for itself?