Cyril Plisko wrote:

That's an interesting reference, thanks - I didn't know that was possible.
 I think the main issue would be that of key management.

We (well, you) already keep ssh public keys.

Adding support to Auth for gpgp keys and adding the hg hooks isn't what I was primarily concerned about, that's pretty easy. I'm thinking more about the logistical issues - for example gpgp won't be available until build 130 [1][2] and we'd have to get everyone (internal and external) to generate and register keys. We'd also have an issue during the transition, where commits that were generated without being signed would be intermingled with ones that were signed.

In principle I think it's a fine idea, and it would certainly address the problem, but that has to be weighed against the additional complexity it would clearly bring with it.

I'm wondering if anyone in the community has any practical experience with doing this?

[1] http://arc.opensolaris.org/caselog/PSARC/2009/397/
[2] http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6884913

--
Alan Burlison
--
_______________________________________________
tools-discuss mailing list
tools-discuss@opensolaris.org

Reply via email to