GitHub 的提交签名验证存在设计缺陷:绿色的"已验证"徽章实际验证的是提交者(committer)的密钥,但显示在作者(author)信息旁。由于 Git 允许通过环境变量自由设置两个身份字段,攻击者可以将作者伪装成任意 GitHub 用户(如 Linus Torvalds),而用自己的密钥签署提交。GitHub 虽然提供了"部分验证"状态作为防护,但需要被冒充的用户手动开启警惕模式(Vigilant Mode),默认关闭且需受害者主动启用,导致绝大多数用户无法得到保护。
The author assesses 12 rsync vulnerabilities against his Go-based gokrazy/rsync. While both he and upstream missed some validation, Go's bounds-checking prevents memory corruption, and the minimal codebase avoids many attack surfaces. He concludes memory-safe languages and minimal implementations significantly reduce security risks.