Am Dienstag 14 April 2009 12:22:12 schrieb Arne Babenhauserheide:
> A workflow where the repository gets updated only from repositories
> whose heads got signed by at least a certain percentage of trusted
> committers.
Could someone comment on this?
It's quite security related, so I really need feedback on it...
The reason for the workflow is to allow trusted groups to publish anonymous
repositories.
It should even work, if the group gets partly compromised, and it should allow
regrouping as long as enough trusted people remain long enough to do one more
update.
Do you see any glaring flaws in the scheme?
And does it sound useful to you?
Best wishes,
Arne
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
- singing a part of the history of free software -
http://infinite-hands.draketo.de
_______________________________________________
Devl mailing list
Devl@freenetproject.org
http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
