daniel added a comment.
In T138708#5017062 <https://phabricator.wikimedia.org/T138708#5017062>, @jeblad wrote: > Note that "click 'sign this' icon next to a statement" imply a fundamentally insecure and broken process. You don't sign something after it is uploaded, you sign it before and while it is still on your own machine. The JSON code snippet should be signed, and then a provenance for the statement including that snippet should be provided. You are completely right and entirely wrong about this :) Of course, you can only sign something that you have on your computer. But that doesn't mean there can't be a "sign this" button that sends me the JSON, lets me sign it locally, and then sends the signature back and attaches it to the statement. That's the idea here. TASK DETAIL https://phabricator.wikimedia.org/T138708 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: daniel Cc: jeblad, CalebMoses, Fliptrail, Cirdan, Salgo60, AndrewSu, Mineo, Hjfocs, Scott_WorldUnivAndSch, Jan_Dittrich, RazShuty, Joshi-Jay-31, srishakatux, Jonas, rosalieper, EddyAfful, BamLifa, MichaelSchoenitzer, psinghal20, Nikhil-nk, Liuxinyu970226, BVershbow_WMF, PDrouin-WMF, Astinson, Ramsey-WMF, Quoth, Daniel_Mietchen, Tpt, Glorian_Yapinus, Micru, Jane023, DarTar, Abbe98, I9606, YULdigitalpreservation, Tallerone, abian, Scott_WUaS, johl, jayvdb, tfmorris, Spinster, TomT0m, Denny, Eloquence, JanZerebecki, T.seppelt, Aklapper, daniel, Zppix, Lydia_Pintscher, alaa_wmde, Dinadineke, Nandana, tabish.shaikh91, Lahi, Gq86, GoranSMilovanovic, Soteriaspace, Jayprakash12345, JakeTheDeveloper, QZanden, merbst, LawExplorer, _jensen, Wikidata-bugs, aude, TheDJ, Mbch331
_______________________________________________ Wikidata-bugs mailing list Wikidata-bugs@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
