On 27 Mar 2006, at 17:52, Chad Walstrom wrote:
> Interesting post. I'm curious about the security ramifications of including runnable applications inside the repository. Have you considered how to protect against malicious code uploaded to the repository? What does the trust-chain look like?

Must admit, haven't thought about it much. Bottom line is, though, that the structure as in the example is not much different than, say, putting a bunch of shell scripts under revision control in a repo, and the same principles would apply in both cases.

In my/our usage of monotone I've not used an *explicit* trust chain based on what types of files are in the repo. Other than giving people read or write access to branches and implementing a couple of private branches, I have never gone further than that.

marcel
--
Marcel van der Boom
HS-Development BV -- http://www.hsdev.com
So! web application framework -- http://make-it-so.info
_______________________________________________
Monotone-devel mailing list
http://lists.nongnu.org/mailman/listinfo/monotone-devel
