On Jan 8, 2010, at 8:55 AM, Ron Aaron wrote:

> First, I'd like to thank DRH for another incredible software package!
>
> When I have 'clearsign' set 'on', I am asked for my GPG password. I notice
> that the 'manifest' gets signed. That's all fine.
>
> What I wonder is what use this is? I mean, it would be very cool if I could
> restrict checkin to only accept manifests signed by a list of 'ok' GPG keys.
> As it stands, it doesn't seem a particularly useful feature. Or am I missing
> something?


This goes back to the idea of "low ceremony".  Rather than try to  
restrict what people can do, default to letting users do most  
anything, but preserve an audit trail in case you are called upon to  
prove that your internal processes were followed.  The GPG signature  
proves that the person who did the check-in really was who they  
claimed to be.  Without the GPG signature, anybody with check-in  
privilege to the Fossil self-hosting repository, for example, could  
commit some change with the userid "drh" and other users would be  
unable to tell if the commit really came from me or an impostor.

D. Richard Hipp
d...@hwaci.com



_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
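
The audit-trail use described in the reply above, as an added example that is not part of the original messages and is not Fossil's own code: an after-the-fact check that a check-in claiming a given userid carries a clearsign signature from the key expected for that user. The userid-to-fingerprint table, the fingerprints, the sample manifest and the sample `gpg --status-fd 1 --verify` output are all constructed assumptions.

```python
import re

ARMOR_HEAD = "-----BEGIN PGP SIGNED MESSAGE-----"
ARMOR_SIG = "-----BEGIN PGP SIGNATURE-----"

# Hypothetical audit policy: userid -> fingerprint of the key that user signs with.
# Fingerprints here are constructed placeholders, not real keys.
EXPECTED_KEYS = {"drh": "A" * 40}

def claimed_user(artifact):
    """Return (userid from the U card, is_clearsigned) for a check-in manifest."""
    signed = artifact.startswith(ARMOR_HEAD) and ARMOR_SIG in artifact
    body = artifact
    if signed:
        # Clearsign layout: armor header, "Hash:" lines, blank line, text, signature.
        # Only the text between them is covered by the signature, so read U from there.
        body = artifact.partition("\n\n")[2].split(ARMOR_SIG, 1)[0]
    m = re.search(r"^U (\S+)$", body, re.MULTILINE)
    return (m.group(1) if m else None), signed

def valid_fingerprint(gpg_status):
    """Fingerprint from a VALIDSIG status line, or None if gpg did not verify."""
    m = re.search(r"^\[GNUPG:\] VALIDSIG ([0-9A-F]{40,64})\b", gpg_status, re.MULTILINE)
    return m.group(1) if m else None

def audit(artifact, gpg_status=""):
    """Classify one check-in: no-policy, unsigned, verified or unverified."""
    user, signed = claimed_user(artifact)
    if user not in EXPECTED_KEYS:
        return "no-policy"
    if not signed:
        return "unsigned"      # userid claimed, nothing to back it up
    if valid_fingerprint(gpg_status) == EXPECTED_KEYS[user]:
        return "verified"
    return "unverified"        # bad signature, or a key other than the expected one

# Constructed sample data (not taken from any real repository).
MANIFEST = "C constructed\\ssample\nD 2010-01-01T00:00:00\nU drh\nZ " + "0" * 32 + "\n"
SIGNED = (ARMOR_HEAD + "\nHash: SHA1\n\n" + MANIFEST + ARMOR_SIG +
          "\n(constructed placeholder)\n-----END PGP SIGNATURE-----\n")
STATUS_OK = "[GNUPG:] VALIDSIG " + "A" * 40 + " 2010-01-01 1262304000\n"
STATUS_OTHER_KEY = "[GNUPG:] VALIDSIG " + "B" * 40 + " 2010-01-01 1262304000\n"

if __name__ == "__main__":
    for name, art, st in [("signed by expected key", SIGNED, STATUS_OK),
                          ("signed by another key", SIGNED, STATUS_OTHER_KEY),
                          ("not signed", MANIFEST, "")]:
        print(f"{name}: {audit(art, st)}")
```

The check runs after the fact and rejects nothing at check-in time, which matches the "low ceremony" approach in the reply.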
