1 |
Rich Freeman wrote: |
2 |
> PKI becomes a nightmare if anybody but devs sign, and when we move to |
3 |
> git it won't really be possible to have anybody else sign anyway |
4 |
> unless we allow merge commits, which is just a whole different mess. |
5 |
|
6 |
I'm not sure? Signatures can be made on anything by anyone and stored |
7 |
as-is - the question is if and why they will be trusted for anything |
8 |
and while interesting I think that's a separate topic? |
9 |
|
10 |
I mean: Don't confuse commit signatures with repository access control. |
11 |
|
12 |
|
13 |
//Peter |