
Comments (6)

joshuagl commented on June 11, 2024

> What would be the value of signed commits? Would we still get that value from maintainers signing their commits?

> Although 2FA reduces the risk of unauthorized commits from maintainers, signed commits reduce that risk even further. The threat model is rather specific, but I think it's especially valuable for our project.

My original comment should have read "Would we still get that value from only maintainers signing their commits"? To which, I think you're answering no?

I think it's worth pointing out that requiring signed commits places an additional barrier in the way of potential new contributors. That barrier may be an acceptable price to pay, given the nature of our project.

Do we need a TUF contributors key signing party in the post-pandemic era?

from taps.

trishankatdatadog commented on June 11, 2024

> My original comment should have read "Would we still get that value from only maintainers signing their commits"? To which, I think you're answering no?

I think so, yes, if at least for optics. If we talk about nation-state attacks, then we must take things seriously by signing our own commits, but that's just my 0.02 BTC.

> I think it's worth pointing out that requiring signed commits places an additional barrier in the way of potential new contributors. That barrier may be an acceptable price to pay, given the nature of our project.

It certainly does place an additional barrier. One way we can solve the problem is by getting GitHub to automatically sign a PR that squashes all the commits from the web site. (Someone correct me if I'm wrong here.) It's much less valuable for contributors to sign their commits, because we can never be certain who they are and what their intent really is, so it's on us to thoroughly vet their contributions.

> Do we need a TUF contributors key signing party in the post-pandemic era?

🎉

joshuagl commented on June 11, 2024

Agreed that requiring >= 2 reviews, as in the specification repo, is a good idea.

We don't require signed commits anywhere else, are you suggesting we should? I'm not opposed, just trying to clarify.

trishankatdatadog commented on June 11, 2024

> We don't require signed commits anywhere else, are you suggesting we should? I'm not opposed, just trying to clarify.

Might be a good idea to require 2FA, signed commits, and >= 2 reviews on all of our repos.

joshuagl commented on June 11, 2024

Completely agree with 2FA and >=2 reviews.

I'm wary about requiring signed commits, because managing GPG keys without a security token is not something I feel comfortable asking folks to do.

What would be the value of signed commits? Would we still get that value from maintainers signing their commits?

We could suggest signed commits from all contributors and expect them from our maintainers (who I think all have YubiKeys).

trishankatdatadog commented on June 11, 2024

> What would be the value of signed commits? Would we still get that value from maintainers signing their commits?

Although 2FA reduces the risk of unauthorized commits from maintainers, signed commits reduce that risk even further. The threat model is rather specific, but I think it's especially valuable for our project.

> We could suggest signed commits from all contributors and expect them from our maintainers (who I think all have YubiKeys).

Agreed, but it's hard to enforce this. One thing we can do is require signed commits, and use GitHub's automatic signing of merges.
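The policy the thread converges on (every commit on a branch signed, maintainers' keys expected, GitHub's own signature on squash merges tolerated) is easy to state but worth checking mechanically, because the platform-signed merge commit only proves that GitHub produced the commit, not who wrote its contents. The script below is an added example written for this page; it is not TUF project code and was not posted by anyone in the thread. It assumes it is fed the output of `git log --format='%H%x09%G?%x09%GK%x09%s' origin/main..HEAD` (git's `%G?` status code and `%GK` key ID), and every key ID and SHA in it is a made-up placeholder, including the "platform" key, which must be replaced by the key ID the hosting platform actually publishes.

```python
"""Audit commit signatures on a branch against a signing policy.

Added example for this discussion; not code from the TUF project or from
anyone in the thread. It consumes the (assumed) output of:

    git log --format='%H%x09%G?%x09%GK%x09%s' origin/main..HEAD

and decides, commit by commit, whether the branch satisfies a policy of
"every commit signed by a known maintainer key, or by the platform's
merge-signing key".
"""
from dataclasses import dataclass
from typing import Iterable

# Meaning of git's %G? signature-status codes (git-log(1), PRETTY FORMATS).
STATUS = {
    "G": "good signature",
    "B": "bad signature",
    "U": "good signature with unknown validity",
    "X": "good signature that has expired",
    "Y": "good signature made by an expired key",
    "R": "good signature made by a revoked key",
    "E": "signature cannot be checked (missing key)",
    "N": "no signature",
}

# Hypothetical key IDs for illustration; a real policy lists the maintainers'
# actual key IDs (or SSH key fingerprints if the project signs with SSH).
MAINTAINER_KEYS = frozenset({"0123456789ABCDEF", "89ABCDEF01234567"})

# Placeholder for the key the hosting platform uses to sign merges it makes on
# the maintainers' behalf (e.g. squash merges done from the web UI).
# Substitute the key ID the platform publishes; this value is not real.
PLATFORM_KEYS = frozenset({"AAAAAAAAAAAAAAAA"})


@dataclass(frozen=True)
class Verdict:
    sha: str
    ok: bool
    reason: str


def audit_commits(log_lines: Iterable[str],
                  maintainer_keys: frozenset,
                  platform_keys: frozenset = frozenset()) -> list:
    """Classify each tab-separated `sha<TAB>status<TAB>key<TAB>subject` line."""
    verdicts = []
    for line in log_lines:
        line = line.rstrip("\n")
        if not line:
            continue
        fields = line.split("\t", 3)
        if len(fields) != 4:
            raise ValueError(f"malformed log line: {line!r}")
        sha, status, key, subject = fields
        if status == "N":
            verdicts.append(Verdict(sha, False, "unsigned commit"))
        elif status not in ("G", "U"):
            # B, X, Y, R, E: a signature exists but cannot be relied on.
            verdicts.append(Verdict(sha, False, STATUS.get(status, f"unknown status {status}")))
        elif key in maintainer_keys:
            verdicts.append(Verdict(sha, True, f"signed by maintainer key {key}"))
        elif key in platform_keys:
            # The platform key attests that the platform created the commit
            # (e.g. a squash merge), not which human authored the content, so
            # this still depends on the underlying PR having been reviewed.
            verdicts.append(Verdict(sha, True, f"platform-signed merge ({subject})"))
        else:
            verdicts.append(Verdict(sha, False, f"signed by unrecognised key {key}"))
    return verdicts


def branch_is_clean(verdicts: list) -> bool:
    """True only when there is at least one commit and every commit passed."""
    return bool(verdicts) and all(v.ok for v in verdicts)


# Constructed sample input; the SHAs, keys and subjects are made up.
CONSTRUCTED_LOG = (
    "a1b2c3d\tG\t0123456789ABCDEF\tClarify delegation rollback text\n"
    "b2c3d4e\tG\tAAAAAAAAAAAAAAAA\tMerge pull request from contributor/fix-typo\n"
    "c3d4e5f\tN\t\tFix typo in README\n"
    "d4e5f6a\tB\tFEDCBA9876543210\tUpdate versioning docs\n"
    "e5f6a7b\tU\tDEADBEEFCAFEF00D\tAdd example client\n"
)

if __name__ == "__main__":
    results = audit_commits(CONSTRUCTED_LOG.splitlines(), MAINTAINER_KEYS, PLATFORM_KEYS)
    for v in results:
        print(f"{'OK  ' if v.ok else 'FAIL'} {v.sha} {v.reason}")
    raise SystemExit(0 if branch_is_clean(results) else 1)
```

Run against a real branch by piping the `git log` command from the docstring into the script's `audit_commits`; a non-zero exit from the constructed sample is expected, since it contains an unsigned commit, a bad signature, and a good signature from a key the policy does not know. Note that "U" (good signature, unknown validity) is accepted on purpose: the policy trusts keys by explicit allow-list rather than by the local GPG web of trust, which is the usual situation on a CI runner.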
