Am Freitag 03 April 2009 12:18:11 schrieb Florent Daigni?re: > Sure we can do that... but how integrated are the PGP/GPG modules with > git/hg? What about the GUI versions?
At least for hg you can just activate the gpg extension (distributed with hg) and can then sign changesets with $ hg sign [REVISION] I didn't yet try to use TortoiseHG for signing. ctivate the extension by adding the following in .hg/hgrc (for one single repository) or ~/.hgrc (for the user) [extensions] hgext.gpg = At least for Mercurial, more efficient than enforcing signatures for all commits would be to only allow a push, if all heads are signed or are signature commits coming after a signed commit, because that means that someone checked all new commits leading to the heads. Since Mercurial history is considered as mostly immutable (you need to activate history changing extensions to modify it, and you can't delete changes in others repositories - though you can revert them), this means that each set of changes will be checked before it gets into the main repo. This would also allow a workflow, where someone acts as gatekeeper and pulls contributions from others, which he/she then verifies, signs and pushes to the main repo. The contributions from others can for example be in anonymous repositories on freenet or can be sent by (free-)mail as patches. Best wishes, Arne -- -- Ein W?rfel System: http://1w6.org - einfach saubere (Rollenspiel-) Regeln. -- Infinite Hands: http://infinite-hands.draketo.de - singing a part of the history of free software. -- My stuff: http://draketo.de - stories, songs, poems, programs and stuff :) -- PGP/GnuPG: http://draketo.de/inhalt/ich/pubkey.txt -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20090403/81d44315/attachment.pgp>
