Thus said Warren Young on Mon, 18 Dec 2017 17:55:16 -0700
I want to restrict this thread to the technical issues: preventing 
wyoung/tangent confusions, or helping Donny trust Alice, or giving Donny the 
tools to *not* trust Alice just because Bob trusts Alice.

I can't remember the repo drh mentioned, but he signs commits with a GPG key, maybe the Th1 repo? W.r.t. signing commits, I think this information is only shown in the manifest link:
https://www.fossil-scm.org/skins/original/artifact/a6c5a4620a5388fd

I think I asked something to the effect of, can this information be shown in the overview section of a commit, but since that hasn't really been asked for, it was assumed it wasn't really a needed feature.

And honestly, it would have only provided some assurance if you had signed the commit with a gpg key.

So if you committed something as drh with an improved overview section showing gpg keys, would this have prevented confusion? Would we have easily seen that wyoung attempted to commit as drh, because of a missing gpg key? I don't even know what happens if drh has gpg keys set up and wyoung attempts a commit. Would the commit work and not be signed?

