On Sat, Aug 24, 2013 at 10:30 PM, Eric Rubin-Smith <[email protected]> wrote:

> You should be careful how you render things like that.  I think now a
> malicious user Mallory can easily subvert your scheme by appending the text
> " (*PGP SIGNED*)" to the end of his unsigned check-in comment.  People will
> think he has signed the check-in when he really hasn't.
>

All excellent points. That feature was in its own branch, and you've
certainly convinced me not to trunk it.


-- 
----- stephan beal
http://wanderinghorse.net/home/stephan/
http://gplus.to/sgbeal
_______________________________________________
fossil-users mailing list
[email protected]
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
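
The spoofing problem raised in the quoted message, shown as an added example that is not part of the original thread and is not Fossil code: a badge rendered in the same channel as committer-controlled text can be typed by anyone, while a status field derived only from the verifier's result cannot. The `Checkin` type, its fields, the row layout and the sample check-ins are assumptions made for illustration.

```python
# Added illustration, not Fossil code. Checkin, its fields and the row layout
# are hypothetical; the sample check-ins below are constructed.
from dataclasses import dataclass

MARKER = " (*PGP SIGNED*)"  # the in-band badge text quoted in the thread


@dataclass
class Checkin:
    user: str
    comment: str         # free text, fully controlled by the committer
    sig_verified: bool   # assumed to be set only by a signature verifier


def render_inband(c: Checkin) -> str:
    """Weak form: the badge shares a channel with committer-controlled text."""
    return f"{c.user}: {c.comment}" + (MARKER if c.sig_verified else "")


def render_out_of_band(c: Checkin) -> str:
    """Status goes in a fixed leading field derived only from sig_verified.

    Line breaks and other non-printable characters in the comment are
    replaced so the text cannot start a fake row with its own status field.
    """
    status = "[signed]  " if c.sig_verified else "[unsigned]"
    flat = "".join(ch if ch.isprintable() else " " for ch in c.comment)
    return f"{status} {c.user}: {flat}"


def spoofed_badge(c: Checkin) -> bool:
    """Flag unverified check-ins whose comment carries the badge text."""
    return not c.sig_verified and MARKER.strip() in c.comment


alice = Checkin("alice", "Fix typo", True)
mallory = Checkin("mallory", "Fix typo" + MARKER, False)
forged_row = Checkin("mallory", "x\n[signed]   alice: ok", False)

if __name__ == "__main__":
    for c in (alice, mallory, forged_row):
        print(render_inband(c))
        print(render_out_of_band(c), "<- flagged" if spoofed_badge(c) else "")
```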
