On Mon, 7 Feb 2011 11:51:29 -0500
Richard Hipp <[email protected]> wrote:
> On Mon, Feb 7, 2011 at 11:45 AM, Justin Mazzi <[email protected]> wrote:
> > Two questions regarding signing.
> > 1) Can you enforce the signing of commits on the server's side?
> > 2) Can a list of accepted keys be used? I wanna make sure the developers
> > are using the correct key when signing.
> On the other hand, Fossil could be enhanced so that it tags check-ins that
> are not signed with an approved key. Maybe shows them with a special
> "warning" icon or something like that. Or maybe chooses not to show them at
> all. But that would be an enhancement.
Since the worry is usually about the "main" repo, how about an
enhancement that disallows pushing/pulling changes that aren't signed
with an approved key? Then you'd just have to arrange thing so that
untrusted developers don't have direct access to the repo, but must
push/pull changes to it.
<mike
--
Mike Meyer <[email protected]> http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
_______________________________________________
fossil-users mailing list
[email protected]
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
