Daniel Cheng wrote:
> Florent Daignière wrote:
>> * Daniel Cheng <j16sdiz+free...@gmail.com> [2009-04-03 08:30:09]:
>>
>>> 2009/4/3 Florent Daignière <nextg...@freenetproject.org>:
>>>> * Ian Clarke <i...@locut.us> [2009-04-02 17:44:37]:
>>>>
>>>>> On Thu, Apr 2, 2009 at 1:55 PM, NextGen$ <nextg...@freenetproject.org> wrote:
>>>>>
>>>>>> Toad said on another thread you wanted us to keep the same kind of
>>>>>> "workflow": all the devs are pushing to the same repository... How does
>>>>>> what you have written above integrate in the picture?
>>>>>>
>>>>>> Now I am confused.
>>>>>>
>>>>>> Do we want to lose the auto-build process? The bts integration, and other
>>>>>> related things? How do you want releases to be rolled?
>>>>>>
>>>>> If we go with git and github they do support post-receive hooks:
>>>>>
>>>>> http://github.com/guides/post-receive-hooks
>>>>>
>>>>> I think the workflow can and should be very similar to what it is
>>>>> currently, with developers pushing to a single authoritative repository.
>>>>>
>>>> Okay, so it's technically possible (anyway, pulling on a regular basis
>>>> was also an option)... but do we want to fetch code from a remote host
>>>> we don't control and auto-run it on emu? The building process involves
>>>> running the build-scripts.
>>> Currently, the svn commit is protected by a password.
>>> svn does not enforce a signed https server cert,
>>> mitm attempts can harm as much as that.
>>>
>> Huh? Svn shows you the server's certificate fingerprint the first time
>> you use it... And we are using a valid SSL certificate signed by a 3rd
>> party.
> 
> You have never told me the fingerprint, so it may have been hijacked
> since day 1.

No, that's why our certificates are signed by a 3rd party whose
certificates ought to be known to you.

> And the password was sent to me using plain text...
> 

It shouldn't have been. If you had sent me an encrypted email or your public
key, I would have used it.

Anyway, you can securely change it using 
https://emu.freenetproject.org/admin/

>>> Require PGP signed commits, if you want something stronger.
>>>
>> Sure we can do that... but how integrated are the PGP/GPG modules with
>> git/hg? What about the GUI versions?
> 
> hg allows "hg sign" to sign a commit.
> git allows "git tag -s" to sign a tag.
> 
> One has to hack the pre-commit hook if we want
> to sign every commit.
> 
> The reasoning here is: every commit id is a hash.
> Once you sign a revision, you are quite sure it won't
> be changed.
> 
>>>> NextGen$
>>>>
>>>> -----BEGIN PGP SIGNATURE-----
>>> [..]
>>>> G3IAoIo???????????????????????????
>>> Your pgp signature is charset corrupted.
>> Hmm? I am not using UTF8; It's an ISO charset you might not have...
>>
> 
> PGP signature in mail should be 7-bit ASCII, right?
> 

No, I don't think so.
_______________________________________________
Devl mailing list
Devl@freenetproject.org
http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
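
The reasoning quoted in the message above (every commit id is a hash, so a signature over one revision pins what lies behind it), as an added example that is not part of the original thread: it recomputes git object ids with `hashlib` for a constructed two-commit history. File names, file contents and the author identity are constructed; the object layout is git's SHA-1 format.

```python
import hashlib

def git_object_id(kind: str, body: bytes) -> str:
    """Git names an object by SHA-1 over '<kind> <size>' + NUL + body."""
    header = f"{kind} {len(body)}\0".encode()
    return hashlib.sha1(header + body).hexdigest()

def tree_id(entries: dict) -> str:
    """Tree of regular files: 'mode name' + NUL + raw 20-byte blob id, sorted by name."""
    body = b""
    for name in sorted(entries):
        blob = bytes.fromhex(git_object_id("blob", entries[name]))
        body += b"100644 " + name.encode() + b"\0" + blob
    return git_object_id("tree", body)

def commit_id(tree: str, parents: list, message: str) -> str:
    """A commit names its tree and its parents by id, so its own id covers both."""
    who = "Dev Example <dev@example.invalid> 1238716800 +0000"  # constructed identity
    lines = [f"tree {tree}"] + [f"parent {p}" for p in parents]
    lines += [f"author {who}", f"committer {who}", "", message, ""]
    return git_object_id("commit", "\n".join(lines).encode())

def history(build_script: bytes) -> list:
    """Constructed two-commit history; returns [first_commit_id, tip_commit_id]."""
    first = commit_id(tree_id({"build.sh": build_script}), [], "add build script")
    tip = commit_id(tree_id({"build.sh": build_script, "README": b"docs\n"}),
                    [first], "add README")
    return [first, tip]

def tip_matches_signed_id(signed_tip: str, build_script: bytes) -> bool:
    """The check a build host relies on: does this content reproduce the signed id?"""
    return history(build_script)[1] == signed_tip

if __name__ == "__main__":
    good = b"#!/bin/sh\nant dist\n"                      # constructed sample content
    tampered = b"#!/bin/sh\nant dist; touch /tmp/x\n"    # same file, altered upstream
    signed = history(good)[1]                            # id a signed tag would name
    print("signed tip:", signed)
    print("untouched history verifies:", tip_matches_signed_id(signed, good))
    print("tampered first commit verifies:", tip_matches_signed_id(signed, tampered))
```

The altered file sits in the first commit, yet the tip id changes as well, which is why a signature over the tip is enough to detect it.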