1. 4

  2. 2

    Seems quite useful for teams collaborating on Github although I’m not touching it with a 6 foot stick until someone knowledgable in security says this is a good idea.

    1. 4

      The implementation is fairly small; it effectively adds the Github user’s public keys to the box’s authorized_keys file on startup and removes the keys on program termination. It relies on the fact that all Github users public keys are publically available at github.com/<username>.keys (e.g mine).

      To use it you’d have to trust the individual, Github, your connection with Github and also that their key is theirs and theirs only.

      1. 1

        That was my first thought, then I realised it’s no more dangerous than the rest of the unsigned binaries I install off the internet