Jamie Webb wrote:
Alternatively, you could require that the patch is signed with a
recognised GPG key (since both signing and verification are built into
Darcs), though that would mean that authentication is delayed until
the patch bundle has already been uploaded.
How do you get Darcs to *verify* the GPG signature? I'm very interested
in this. This is a problem I've found with Darcs that I haven't yet
found a solution for. That is, I haven't found a way to guarantee that
patch xyz was made by the person it says.
How do you verify the signature from darcs? Is it also possible to go
back to a patch from 3 years ago and re-verify its signature? Or do I
have to trust that I actually verified the signature 3 years ago before
applying?
Cheers,
Daniel.
--
/\/`) http://oooauthors.org
/\/_/ http://opendocumentfellowship.org
/\/_/
\/_/ I am not over-weight, I am under-tall.
/
_______________________________________________
darcs-users mailing list
[email protected]
http://www.abridgegame.org/mailman/listinfo/darcs-users
