On Fri, Feb 06, 2004 at 10:58:03PM +0100, Osamu Aoki wrote: > > Proposal: > > > > A nice script could be written to checksum scripts and create a > > signable list of trustable scripts on alioth. > > I thought about this route. But where and what permission to use to > store them. And where you keep these scripts. If these script are to > be kept in the CVS archive, this should be a group/project with > fewer member. >
Ownership of the list is not essential. Proper signing is a requirement to consider the list trustable. And the two scripts will be subject to changes rarely. > > Then, another script on gluck could import only files in that list > > after proper checking. One of the PMs could so sign the list when all > > its files had been checked. This could ensure that only coherent and > > trustable scripts are used on gluck, and could avoid error-prone > > human-based copies. > > If you can make simple and clean script to all these without any > compication, that will be nice. But until then, 2 CVSROOT is the only > simple and sure solution. I am open for this fancy scheme if I see the > working solution. > I'll see what I can do about that. -- Francesco P. Lovergine
