[RFC] cryptographic signatures - compared to monotone?
Jan Hudec
bulb at ucw.cz
Mon Feb 13 06:50:15 GMT 2006
On Sun, Feb 12, 2006 at 16:15:52 +0200, Jari Aalto wrote:
>
> I've noticed that there are are many new exiting fetures proposed and
> being discussed. Many new commands and options and the like.
>
> Perhaps the developers are already thinking about this, but I feel
> that the design should take into account the cryptographic signatures
> along with proposed new functionality.
Alrady implemented. For quite some time IIRC.
See http://wiki.bazaar.canonical.com/ConfiguringBzr for how to set it
up.
> I don't know monotone, but I believe it's the one that heavily relies
Monotone got this pretty wrong IMHO. It has it's own crypto system and
it requires using it. So you must create another kind of key and set up
the system before you can use monotone.
On the other hand bzr uses gpg, which most people already have, and it's
use is optional.
> on hashes to identify the changes. Bzr should also have signing and
> verifying capabilities for operations like:
>
> pull
> push
>
> Before accepring changes that can ve verified. Being distributed, it
> would otherwise become very difficult to control who can/may so
> operations that would modify the repositories/branches.
--
Jan 'Bulb' Hudec <bulb at ucw.cz>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/bazaar/attachments/20060213/4b66a810/attachment.pgp
More information about the bazaar
mailing list