From Better SCM mailing list: Distributed VCS with good user verification?
Eugene Wee
crystalrecursion at gmail.com
Thu May 7 07:06:39 BST 2009
Hi,
I saw this on the Better SCM mailing list, and decided to forward it
here to see if anyone could help Lasse
out:
https://lists.berlios.de/pipermail/better-scm-discuss/2009-May/000051.html
The gist of the problem with respect to Bazaar:
> When I look at the commit log, I want to see at a glance who
> committed which revision. I want to be sure that those names
> displayed are really meaningful. That is, it should be guaranteed
> that in fact that person which I associate with the displayed
> name has committed the respective revision.
> - Bazaar can sign revisions, and it can be told to sign each and
> every revision upon commit. However, I did not find any
> built-in way to check signatures. There is an option
> 'check_signatures' which can be set to 'required', but I could
> not find out what it does actually. It is not documented.
>
> There is a plugin for Bazaar, however, with which one can get
> statistics on how many revisions are signed and which
> signatures cause problems. When this statistics says that
> everything is signed and okay, then one can trust the user
> names in the commit log.
>
> Bottom line is that Bazaar is closest to my needs, but not yet 100%.
Regards,
Eugene Wee
More information about the bazaar
mailing list