Am Dienstag 14 April 2009 12:22:12 schrieb Arne Babenhauserheide: > A workflow where the repository gets updated only from repositories > whose heads got signed by at least a certain percentage of trusted > committers.
Could someone comment on this? It's quite security related, so I really need feedback on it... The reason for the workflow is to allow trusted groups to publish anonymous repositories. It should even work, if the group gets partly compromised, and it should allow regrouping as long as enough trusted people remain long enough to do one more update. Do you see any glaring flaws in the scheme? And does it sound useful to you? Best wishes, Arne --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- - singing a part of the history of free software - http://infinite-hands.draketo.de _______________________________________________ Devl mailing list Devl@freenetproject.org http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl