Rich Freeman wrote: > PKI becomes a nightmare if anybody but devs sign, and when we move to > git it won't really be possible to have anybody else sign anyway > unless we allow merge commits, which is just a whole different mess.
I'm not sure? Signatures can be made on anything by anyone and stored as-is - the question is if and why they will be trusted for anything and while interesting I think that's a separate topic? I mean: Don't confuse commit signatures with repository access control. //Peter
