| 1 |
Rich Freeman wrote: |
| 2 |
> PKI becomes a nightmare if anybody but devs sign, and when we move to |
| 3 |
> git it won't really be possible to have anybody else sign anyway |
| 4 |
> unless we allow merge commits, which is just a whole different mess. |
| 5 |
|
| 6 |
I'm not sure? Signatures can be made on anything by anyone and stored |
| 7 |
as-is - the question is if and why they will be trusted for anything |
| 8 |
and while interesting I think that's a separate topic? |
| 9 |
|
| 10 |
I mean: Don't confuse commit signatures with repository access control. |
| 11 |
|
| 12 |
|
| 13 |
//Peter |
Archives