On Monday 05 April 2010 22:34:52 D. Richard Hipp wrote: > Hence, Fossil has from the beginning supported the ability to PGP sign > check-ins. The PGP signature is optional. If a check-in is signed, > you know exactly who originally made that check-in. In situations > where it matters, simply assume that an unsigned check-in is malicious > and avoid using or it.
It would be much more useful if the "clearsign" option had a "require" setting. That is, either "off", "on" or "require". The "require" setting would not permit checkins which did not have a GPG signature. -- For privacy, my GPG key signature is: AD29415D
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users