> *there is no ...reliable way to verify the identity of a creator's SSH key* Gi... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

cmroanirgo on Aug 23, 2022 | parent | context | favorite | on: SSH commit verification now supported

> there is no ...reliable way to verify the identity of a creator's SSH key

GitHub exposes your public key via it's API. (Why? I have no idea. I call it a privacy violation) So, you need to create new github identity for every SSH identity that you wish to remain anonymous for, otherwise they just get tied together & one aspect of anonymity is lost.

ndhlms on Aug 23, 2022 [–]

All that does is associate an arbitrary SSH key with a GitHub account. There is still no reliable way to verify the identity of the GitHub account owner, or the SSH key that account holder generated.

How does that expose any more information than you do by pushing a commit with a GitHub account?

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact