Whonix Wiki Download Docs News Support Tips Issues Contribute DONATE

hardenize whonix/kicksecure code edits/branches on github

There are some nice options might be worth to look at and enable whats important on github:

For branches there is for e.g Require singed commits:

There is as well code and security scanner if we go to code and security analysis: (E.g sonarqube/cloud can be integrated easily from here)

Related:

1 Like

I don’t think we can get any security advantage from this. It’s a security feature provided by a third-party server. “Commit is signed” is meaningless because creation of an arbitrary signing key is cheap. All Kicksecure / Whonix git commits and tags are signed. Those by contributors might not be signed but I have to carefully review, merge and sign these. Whenever users download source code, they can end-to-end verify it against my signing key.

It’s more like policy tools useful to enforce policies for big organizations.

You’d have to suggest a specific threat model where and how some specific setting would help.