As far as I can tell, neither platform offers:

- An org-level allowlist of approved signing keys

- A way to reject a push based on the signing key itself

- A built-in way to audit who has accessed what (You have to stream and parse the audit logs yourself!)

The workarounds I've seen, like re-verifying signatures in CI, blocking deployments on unapproved keys, self-hosting Git with pre-receive hooks, all share the same problem: the bad commit still lands in the repo. CI catches it after the fact.

Given recent supply chain attacks, this feels like table stakes, and I'm really fucking annoyed at Github for trying to shove Copilot down my throat instead of helping me with basics like this. We're considering issuing hardware keys to every dev, building a custom verification and audit pipeline, streaming audit logs to our own SIEM, and upgrading to enterprise tiers for basic visibility. That's a lot of work for something that should be built in.

So:

- Are any of you solving this cleanly today? Am I missing something?

- Is everyone relying on CI enforcement?

- Are there platforms that do proper key allowlisting + enforcement? - Or is the answer really "self-host everything and write hooks"?

I'm slowly losing my mind over this. We're a small dev shop and I can't believe we're the first ones to want to be able to fully trust our git log and Github history!

Feels like we're one compromised laptop away from "Verified" supply chain attacks.

Comments URL: https://news.ycombinator.com/item?id=47945581

Points: 5

# Comments: 0

What you describe is one of the main reasons why I use Rhino3D. It can be scripted via the Grasshopper plugin, which integrates really nicely with Rhino and its primitives. Sadly, Rhino isn't open source and is quite pricy

- https://www.rhino3d.com/ - https://www.grasshopper3d.com/

Also, I see great value in not having to take care of the runtime itself. Sure, I can write a python script that does what I want much quicker and more effectively with claude code, but there is also a bunch of work to get it to run, restart, log, alert, auth…

For the user it's kind of a a soft MFA via email where they don't have to enable it, but also don't always get the challenge.

Astonishingly, we had barely any complaints about the system via customer care and also didn't notice a drop in (valid) logins or conversion rates.

I raise this because I've been in multiple system architecture meetings where people were complaining about latency between data centers, only to later realize that it was pretty close to what is theoretically possible in the first place.

Easier and safer to have separate domains.

An Elegant Puzzle: Systems of Eng Management (https://lethain.com/elegant-puzzle)

and

The Art of Leadership, small things done well (https://www.amazon.com/Art-Leadership-Small-Things-Done/dp/1...)

There are a lot more that were helpful to me, but those two encompass most of the important concepts and skills already in a usefully synthesized way, at least for me.

Wikipedia has a summary on the idea behind the essay https://en.wikipedia.org/wiki/Friedman_doctrine

Maybe what looks archaic to you is that under French labor law, employees can’t be treated differently if they have the same type of contract. Meaning one individual can’t work two days from home and another three. Or one person can’t just have their travel expenses to and from the office payed, unless all employees with the same contract have that too.

I believe this is why they had to introduce the new contract for remote work. With this, their strong worker protections stay in tact while still allowing for more modern ways of working.

What is archaic is their bloody governmental control system. There is an inspector for every stupid thing you can imagine and it is an enormous waste if time and money.

It’s not a safe way to hide content by any means, but is just enough to stop myself from worrying about what others still think about my writing. I can still share links with individuals if I want.

I have been trying to get myself to write more for twenty years and this was the first thing that helped.

I'm looking forward to them switching to Quarkus, which will make it more ameneable to be run in containers.