On 2 December 2015 at 10:00, Stephan Beal <[email protected]> wrote:
>
> On Dec 2, 2015 6:37 PM, "Richard Hipp" <[email protected]> wrote:
>>
>> On 12/2/15, jungle Boogie <[email protected]> wrote:
>> >
>> > Questions: Is there a setting to show if check-ins are signed with the
>> > gpg key?
>> > How would a visitor of a repo know if a check-in was signed vs. not
>> > signed?
>> >
>>
>> Not currently implemented, as nobody in the previous 8.37 years has
>> ever wanted to see that.
>
> There was a thread a few years back about it, but someone pointed out that a
> marker in the timeline is not sufficient, because such a marker can be faked
> via CSS and because fossil does not (cannot?) verify the signature itself. i
> don't recall the details.
>

So even mentioning the fact that a commit may be crypto signed may be a security issue?

-- 
-------
inum: 883510009027723
sip: [email protected]
xmpp: [email protected]
_______________________________________________
fossil-users mailing list
[email protected]
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

