question about gpg signed commits
Robey Pointer
robey at lag.net
Sat Mar 3 21:55:19 GMT 2007
On 16 Jan 2007, at 2:20, Alexander Belchenko wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I'd like to understand gpg signed commits.
> Working on bzr-config I study gpg-related options.
> There is bzr command 'sign-my-commits', but no other
> commands like verify?
> I don't understood how this infrastructure should work
> in general and in details. Do I need sign my commits
> for bzr.dev? For my own bzr-related projects?
> What means signed repository for another people who
> want to checkout my signed repository? Does people
> should mandatory have my open key to working with
> signed repository?
I'd like to know more too. This is a feature I miss from TLA.
There's a page on the wiki:
http://bazaar-vcs.org/BzrGpgSigning
which says the feature was never quite completed. Does anyone know
if that page is accurate / up to date?
robey
More information about the bazaar
mailing list