[ANN] autosign extension
Lasse Kliemann
lasse-list-mercurial-2009 at mail.plastictree.net
Wed May 13 12:17:51 CDT 2009
* Message by -Arne Babenhauserheide- from Wed 2009-05-13:
> On Wednesday, 13. May 2009 16:02:57 Lasse Kliemann wrote:
> > However, I would prefer something quite different. We could allow
> > a configurable set of pairs (F,U) consisting of a key fingerprint
> > F and a username U each. The configuration could be done in
> > ~/.hgrc or such.
>
> It could also be specified in a version tracked file .hgkeys or so (use the
> keys in the _previous_ revision - that gives a verified line of commits).
>
> That way keys can be specified on a per-repo base and trusted keys can easily
> be added.
As far as I see, even with the proposed restriction (to use the
previous revision), this allows anyone to promote any key to
testify authorship for anyone. Users would have to check each new
version of .hgkeys to see whether they agree or not (BTW, some
kind of 'alert' feature to notify users when a specific file
changes would generally be nice).
On the other hand, I see the appeal of some version-controlled
key and username management (although my proposed feature would
also work without). Currently, I'm not 100% sure what I would
like to have. Moreover, X.509 with its CA-oriented structure
might give new possibilities (and new challenges). I'll think
about it some more.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
Url : http://selenic.com/pipermail/mercurial/attachments/20090513/323369ab/attachment.pgp
More information about the Mercurial
mailing list