On Mon, Sep 19, 2005 at 04:01:55PM -0400, Derek Price wrote:
> [...] but the most
> important step is the client verification, I think. The server
> authorization already probably depends on SSH keys or somesuch.

I don't think GPG can be used to authenticate users. Malicious people could resubmit old commits (with known security issues), or garbage (signed mails), for example. I know that that's exactly what is done at Savannah and ftp.gnu.org for the upload system - it is not a Good Thing nonetheless.

-- 
Sylvain
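
The replay concern raised in the message above, as an added example that is not part of the original thread: a server that checks only the signature accepts a resubmitted old commit, while one that also requires a signed, strictly increasing sequence number rejects it. HMAC stands in for a GPG signature here, and the key, the `seq=` envelope and the class names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo key; HMAC is a stand-in for the committer's GPG signature.
KEY = b"constructed-demo-key"

def sign(payload: bytes) -> bytes:
    return hmac.new(KEY, payload, hashlib.sha256).digest()

def envelope(seq: int, body: bytes) -> bytes:
    # Hypothetical format: the sequence number is part of the signed bytes.
    return b"seq=%d\n" % seq + body

class SignatureOnlyServer:
    """Accepts any payload with a valid signature, so old ones can be resubmitted."""
    def __init__(self):
        self.applied = []

    def valid(self, payload: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(sign(payload), sig)

    def submit(self, payload: bytes, sig: bytes) -> bool:
        if not self.valid(payload, sig):
            return False
        self.applied.append(payload)
        return True

class SequenceServer(SignatureOnlyServer):
    """Additionally requires the signed sequence number to strictly increase."""
    def __init__(self):
        super().__init__()
        self.last_seq = 0

    def submit(self, payload: bytes, sig: bytes) -> bool:
        header = payload.partition(b"\n")[0]
        if not self.valid(payload, sig) or not header.startswith(b"seq="):
            return False
        try:
            seq = int(header[4:])
        except ValueError:
            return False
        if seq <= self.last_seq:  # stale or replayed submission
            return False
        self.last_seq = seq
        self.applied.append(payload)
        return True

def demo() -> dict:
    # Constructed sample commits: an old one, its fix, then the old one again.
    old = envelope(1, b"commit A (later found to have a security issue)")
    fix = envelope(2, b"commit B (fix)")
    servers = {"signature_only": SignatureOnlyServer(), "with_sequence": SequenceServer()}
    return {name: [s.submit(m, sign(m)) for m in (old, fix, old)] for name, s in servers.items()}
```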
