I like the idea of showing a warning. If an "untrusted" commit was pushed to the server, what sensible actions would you see for handling it? Having an option to re-sign the commit with a "good" key would be nice.
Let me know your thoughts on this. I'll open a ticket if you think it's something that might be worth implementing. On Mon, Feb 7, 2011 at 11:51 AM, Richard Hipp <[email protected]> wrote: > > > On Mon, Feb 7, 2011 at 11:45 AM, Justin Mazzi <[email protected]> wrote: > >> Hey, >> >> Two questions regarding signing. >> >> 1) Can you enforce the signing of commits on the server's side? >> >> 2) Can a list of accepted keys be used? I wanna make sure the developers >> are using the correct key when signing. >> > > Since commits (and everything else really) happens on the client, you > cannot really enforce things. The client has complete control over their > copy of the repository. > > On the other hand, Fossil could be enhanced so that it tags check-ins that > are not signed with an approved key. Maybe shows them with a special > "warning" icon or something like that. Or maybe chooses not to show them at > all. But that would be an enhancement. > > >> >> -- >> Justin Mazzi >> >> _______________________________________________ >> fossil-users mailing list >> [email protected] >> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users >> >> > > > -- > D. Richard Hipp > [email protected] > > _______________________________________________ > fossil-users mailing list > [email protected] > http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users > > -- Justin Mazzi
_______________________________________________ fossil-users mailing list [email protected] http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
