19 votes

How I gained commit access to Homebrew in 30 minutes

3 comments

  1. [2]
    what
    Link
    It seems strange for such an important project to not PGP sign commits. It’s not an end-all solution, but I’m sure it would help with security somewhat, and I don’t think having to type a password...

    It seems strange for such an important project to not PGP sign commits. It’s not an end-all solution, but I’m sure it would help with security somewhat, and I don’t think having to type a password when you make a commit has a huge impact on your workflow.

    5 votes
    1. lars
      Link Parent
      Reading through it, it looks like they just didn't make security a focal point. They wanted to achieve something and that's all their goal was. To make the project work. If that makes sense. But...

      Reading through it, it looks like they just didn't make security a focal point. They wanted to achieve something and that's all their goal was. To make the project work. If that makes sense. But you're right. It's irresponsible because they oniw how many people use openssl and should have audited better and have basic things in place like pgp commits.

      4 votes
  2. lars
    Link
    Very inreresting read. I have been reading somewhat relared stuff recently. So I am kind of on a kick for this stuff right now. I often think about public projects / open source things and how...

    Very inreresting read. I have been reading somewhat relared stuff recently. So I am kind of on a kick for this stuff right now.

    I often think about public projects / open source things and how them being open / public makes them vulnerable.

    I really like to read how people do things and why. Lately it's been DJANGO and the admin panel it comes with. I have been curious lately on how many people expand onto it / its authentication or build their own and why.

    3 votes