<quote> And what's the difference to your proposed solution? </quote>
Basically, the differences are that a) one has to control paper sheet(s) instead of a private signature key data value and computing environment, and b) this control is about integrity only, no need for long-term private signature key secrecy protection.
But I agree that the attractiveness of the procedure is debatable. IT security is seldom devoid of impediments.
Either way my questions remain: which files are involved in a digital signature of a revision range? Also which subversion legitimate operations (e.g. move repository from Linux to Windows) would invalidate the digital signatures?
(not being a subscriber to the list, a CC to me would be appreciated) Thanks -- - Thierry Moreau thierry.mor...@connotech.com
