-
Notifications
You must be signed in to change notification settings - Fork 94
Join crev gitter channel and let's talk! Or feel free to start hacking!
The design is open for adding support for PGP, Salty, Keybase and whatever else as identify systems.
Currently it is easiest for both the end user and the initial implementations to use its own public key based IDs, signing and WoT.
Please note that crev is just an additional line of defense, and does not
replace any others methods of securely handling your code and its dependencies.
It is part of crev's philosophy to rely on redundancy, instead of
trying to make everything "unbreakable". A compromised ID will just invalidate
itself and/or gets marked as untrustworthy by other users.
Also worth noting: systems like PGP that don't carry enough information. Just because you verified that someones PGP really belong to them, doesn't mean you trust their code review judgment. But the identity/singing system could be reused.