OpenBSD Journal

Portable OpenSSH commits now SSH-signed

Contributed by rueda on from the ouroboros dept.

Damien Miller (djm@) notes that all (new) commits to the portable OpenSSH repository are now signed using git's SSH signature support.

Further details are on the OpenSSH development mailing list:

[…]
We are in the process of converting the portable OpenSSH repository
to require signed commits, tags and pushes, using git's recent ssh
signature support. So far it's gone very smoothly, and we hope to have
it enforced for all commits soon.

We maintain our own git repository for portable OpenSSH, that is
automatically mirrored to github. We use "pre-receive" and "update"
hooks to check for signed pushes and tags/commits respectively, using
an in-repository allowed_signers file.
[…]

This is a most welcome process integrity improvement that hopefully will make the world trust our favorite SSH software even more.
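The "update" hook half of the setup described in the quoted message can be sketched as follows. This is an added example, not the OpenSSH project's own hook: the branch name `master`, the path `allowed_signers`, and the choice to read the signer list from already-accepted history are assumptions, and the signed-push check done in "pre-receive" is not covered.

```shell
#!/bin/sh
# Added example of an "update" hook; git calls it as: update <ref> <old> <new>.
# Assumed names: branch "master" and file "allowed_signers". Needs git >= 2.34.
ZERO=0000000000000000000000000000000000000000    # SHA-1 object names assumed
TRUSTED_REF=${TRUSTED_REF:-refs/heads/master}
SIGNERS_PATH=${SIGNERS_PATH:-allowed_signers}

# Print the rev-list arguments that select the commits an update introduces.
new_commit_range() {    # $1=old $2=new
    if [ "$1" = "$ZERO" ]; then
        echo "$2 --not --all"    # new ref: all commits not yet reachable
    else
        echo "$1..$2"
    fi
}

# Return 0 only if every new commit (and tag) verifies against the signer list.
check_update() {        # $1=ref $2=old $3=new
    if [ "$3" = "$ZERO" ]; then return 0; fi    # deletion: nothing to verify
    signers=$(mktemp) || return 1
    # Read the list from already-accepted history, never from the pushed
    # commits, so a push cannot add its own key and then vouch for itself.
    # Any failure below rejects the update (fail closed).
    if ! git show "$TRUSTED_REF:$SIGNERS_PATH" >"$signers"; then
        rm -f "$signers"; return 1
    fi
    if ! commits=$(git rev-list $(new_commit_range "$2" "$3")); then
        rm -f "$signers"; return 1
    fi
    rc=0
    case $1 in
    refs/tags/*)    # lightweight (unsigned) tags fail verify-tag as well
        git -c gpg.ssh.allowedSignersFile="$signers" verify-tag "$3" || rc=1 ;;
    esac
    for c in $commits; do
        if ! git -c gpg.ssh.allowedSignersFile="$signers" verify-commit "$c"
        then
            echo "rejected: $c lacks a valid signature from an allowed signer" >&2
            rc=1
        fi
    done
    rm -f "$signers"
    return $rc
}

# Run as a hook only when called with the three update-hook arguments.
if [ "$#" -eq 3 ]; then
    check_update "$@" || exit 1
fi
```

Because the signer list comes from the trusted branch, the first push into an empty repository is rejected until that branch and file exist.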

Comments
  1. By Janne Johansson (jj) jj@stacken.kth.se on http://www.inet6.se

    Even Dell? ;-)

    Comments
    1. By n/a (Cabal) on

      Love it!

    2. By Darren Tucker (dtucker) dtucker@openbsd.org on

      We could not possibly disclose.
