On Friday 08 January 2010 16:26:02 D. Richard Hipp wrote:

> This goes back to the idea of "low ceremony".  Rather than try to
> restrict what people can do, default to letting users do most
> anything, but preserve an audit trail in case you are called upon to
> prove that your internal processes were followed.  

OK, I get that -- although I don't see any way to see the signature (e.g. to 
verify it) within the UI.  


> Without the GPG signature, anybody with check-in
> privilege to the Fossil self-hosting repository, for example, could
> commit some change with the userid "drh" and other users would be
> unable to tell if the commit really came from me or an impostor.

Right.  That could also be done by enforcing a 'whitelist' of GPG keys as I 
mentioned before.  Then even if someone broke into an account, they would be 
unable to post changes unless they had also compromised one of the valid 
keys.  Of course, this does make life more difficult, but it may be a nice 
feature to permit (and not require).

-- 
Sending me something private?
Use my GPG public key: AD29415D


_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
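
The key 'whitelist' idea from the message above, sketched as an added example that is not part of the original thread and is not Fossil code. It assumes the check-in's signature was already verified with `gpg --status-fd` and the status text captured; the function name, fingerprints and status lines are constructed for illustration.

```python
# Added example: allowlist check over captured `gpg --status-fd` output.
# All fingerprints and status lines below are constructed sample data.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def check_signature(status_text, allowed_fprs):
    """Return (accepted, reason) for one signed artifact (hypothetical helper)."""
    allowed = {f.upper() for f in allowed_fprs}
    good = False
    primaries = []
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "[GNUPG:]":
            continue
        keyword = parts[1]
        if keyword in REJECT:
            # Bad, unverifiable, expired or revoked: refuse outright.
            return False, "gpg reported " + keyword
        if keyword == "GOODSIG":
            good = True
        elif keyword == "VALIDSIG" and len(parts) >= 3:
            # The last VALIDSIG field is the primary-key fingerprint when
            # present; otherwise fall back to the signing-key fingerprint.
            fpr = parts[11] if len(parts) >= 12 else parts[2]
            primaries.append(fpr.upper())
    if not good or not primaries:
        return False, "no valid signature"
    for fpr in primaries:
        if fpr not in allowed:
            return False, "signer not in allowlist: " + fpr
    return True, "signed by allowlisted key " + primaries[0]

MAINTAINER = "1" * 40  # constructed primary-key fingerprint (allowlisted)
SUBKEY = "2" * 40      # constructed signing subkey of MAINTAINER
OUTSIDER = "3" * 40    # constructed key with a good signature, not allowlisted

def good_status(signing, primary):
    """Build constructed GOODSIG/VALIDSIG status lines for the samples."""
    return ("[GNUPG:] GOODSIG %s Constructed User\n"
            "[GNUPG:] VALIDSIG %s 2010-01-08 1262967962 0 4 0 1 2 00 %s\n"
            % (signing[-16:], signing, primary))

SAMPLES = {
    "maintainer": good_status(SUBKEY, MAINTAINER),
    "outsider": good_status(OUTSIDER, OUTSIDER),
    "tampered": "[GNUPG:] BADSIG %s Constructed User\n" % MAINTAINER[-16:],
    "unsigned": "[GNUPG:] NODATA 1\n",
}

if __name__ == "__main__":
    for name, status in SAMPLES.items():
        print(name, check_signature(status, {MAINTAINER}))
```

The "outsider" sample is the case raised in the message: the signature itself is cryptographically good, so only the allowlist comparison rejects it.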
