Announced chat control by the EU

Robert J. Hansen rjh at sixdemonbag.org
Thu Oct 9 22:30:52 CEST 2025


> Does such a project via Github (which is Microsoft) deserve trust? I'm 
> not so sure about that.

That's unwarranted.

Source is controlled via git, the code in the repo can be trivially 
audited against the developer's known-good repo, and they encourage 
contributors to sign their commits with GnuPG. What more do you want?

MS has invested literally *billions* of dollars in making GitHub a 
trusted software source, a solution to the (very big) industry problem 
of supply chain security. If MS were to do any shenanigans with GitHub, 
any at all, billions of dollars of value could be lost in a single day. 
They have a very large financial interest in being an honest broker.

I may not trust Microsoft very much, but I trust their desire to make money.
