Christian Theune wrote:
> However, this only *allows* clients to manage their password reasonably,
> it doesn't force them to.
Well, you can't force someone to keep their private key private either...
At the end of the day, if an svn account is compromised, we'll see a
load of bogus commits. My understanding of svn is that those are
moderately easy to remove.
> From my understanding, the interesting part is what the DVCSs do: let
> people sign their commits with e.g. their PGP key (strong auth) and
> allow them to share that data somewhere (different mechanism maybe not
> so strong auth).
Well, the only "auth" bit seems to be where the "offical" changesets are..
Simplistix - Content Management, Zope & Python Consulting
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -