Junio C Hamano <gitster@xxxxxxxxx> writes: > The world is not so blank-and-white. Trust is ultimately among humans. If > this message is not from the real Junio, don't you think you will hear > something like "No, that c6ba05... is forgery, please don't use it!" from > him, when he finds this message on the Git mailing list? If he does not > exercise diligence to even do that much, does he deserve your trust in the > first place? This assumes you will see the message, so while it does solve simple attacks like sending an email with a fake From: header to the actual list, it does not solve more advanced attacks like compromising kernel.org's mailing-list server to avoid delivering you the forged email. I know I'm being a little paranoid here, but given the recent events with kernel.org, maybe we should be that paranoid :-(. -- Matthieu Moy http://www-verimag.imag.fr/~moy/ -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html