Cyril Plisko wrote:
That's an interesting reference, thanks - I didn't know that was possible.
I think the main issue would be that of key management.
We (well, you) already keep ssh public keys.
Adding support to Auth for gpgp keys and adding the hg hooks isn't what
I was primarily concerned about, that's pretty easy. I'm thinking more
about the logistical issues - for example gpgp won't be available until
build 130 [1][2] and we'd have to get everyone (internal and external)
to generate and register keys. We'd also have an issue during the
transition, where commits that were generated without being signed would
be intermingled with ones that were signed.
In principle I think it's a fine idea, and it would certainly address
the problem, but that has to be weighed against the additional
complexity it would clearly bring with it.
I'm wondering if anyone in the community has any practical experience
with doing this?
[1] http://arc.opensolaris.org/caselog/PSARC/2009/397/
[2] http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6884913
--
Alan Burlison
--
_______________________________________________
tools-discuss mailing list
tools-discuss@opensolaris.org