Florent Daignière wrote:
> * Daniel Cheng <j16sdiz+freenet at gmail.com> [2009-04-03 08:30:09]:
>
>> 2009/4/3 Florent Daignière <nextgens at freenetproject.org>:
>>> * Ian Clarke <ian at locut.us> [2009-04-02 17:44:37]:
>>>
>>>> On Thu, Apr 2, 2009 at 1:55 PM, NextGen$ <nextgens at freenetproject.org> wrote:
>>>>
>>>>> Toad said on another thread you wanted us to keep the same kind of
>>>>> "workflow": all the devs are pushing to the same repository... How does
>>>>> what you have written above integrate in the picture?
>>>>>
>>>>> Now I am confused.
>>>>>
>>>>> Do we want to lose the auto-build process? The bts integration, and other
>>>>> related things? How do you want releases to be rolled?
>>>>>
>>>> If we go with git and github they do support post-receive hooks:
>>>>
>>>> http://github.com/guides/post-receive-hooks
>>>>
>>>> I think the workflow can and should be very similar to what it is
>>>> currently, with developers pushing to a single authoritative repository.
>>>>
>>> Okay, so it's technically possible (anyway, pulling on a regular basis
>>> was also an option)... but do we want to fetch code from a remote host
>>> we don't control and auto-run it on emu? The building process involves
>>> running the build-scripts.
>> Currently, the svn commit is protected by password.
>> svn does not enforce signed https server cert,
>> mitm attempts can harm as much as that.
>>
>
> Huh? Svn shows you the server's certificate fingerprint the first time
> you use it... And we are using a valid SSL certificate signed by a 3rd
> party.

You have never told me the fingerprint, so it may have been hijacked
since day 1. And the password was sent to me using plain text...

>> Require PGP signed commits, if you want something stronger.
>>
>
> Sure we can do that... but how integrated are the PGP/GPG modules with
> git/hg? What about the GUI versions?

hg allows "hg sign" to sign a commit.
git allows "git tag -s" to sign a tag.
One has to hack the pre-commit hook if we want to sign every commit.

The reasoning here is: every commit id is a hash.
Once you sign a revision, you are quite sure it won't be changed.

>>> NextGen$
>>>
>>> -----BEGIN PGP SIGNATURE-----
>> [..]
>>> G3IAoIo???????????????????????????
>> Your pgp signature is charset corrupted.
>
> Hmm? I am not using UTF8; It's an ISO charset you might not have...

PGP signature in mail should be 7-bit ASCII, right?
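
An added illustration of the "every commit id is a hash" reasoning in the message above (not part of the original thread, and not Freenet project code): it computes git-style SHA-1 object ids and shows that altering an early commit changes every later commit id, so a signature made over the tip id no longer matches. The file names, contents, identity string and helper names are constructed for the example, and the PGP signature itself is not modelled.

```python
import hashlib

def git_object_id(kind: str, body: bytes) -> str:
    """Name an object the way git does: SHA-1 over '<kind> <size>\\0' + body."""
    return hashlib.sha1(f"{kind} {len(body)}\0".encode() + body).hexdigest()

def tree_id(files: dict) -> str:
    """Id of a flat tree of regular files (name -> content bytes).
    Each entry is 'mode name\\0' followed by the raw 20-byte blob id."""
    body = b""
    for name in sorted(files):  # byte order; sufficient for flat ASCII names
        blob = bytes.fromhex(git_object_id("blob", files[name]))
        body += b"100644 " + name.encode() + b"\0" + blob
    return git_object_id("tree", body)

def commit_id(tree: str, parents: list, message: str) -> str:
    """Id of a commit object; the parent ids are part of the hashed text."""
    who = "Dev <dev@example.invalid> 1238745600 +0000"  # constructed identity
    lines = [f"tree {tree}"] + [f"parent {p}" for p in parents]
    lines += [f"author {who}", f"committer {who}", "", message]
    return git_object_id("commit", ("\n".join(lines) + "\n").encode())

def history_ids(snapshots: list) -> list:
    """Commit ids for a linear history, one snapshot (file dict) per commit."""
    ids = []
    for n, files in enumerate(snapshots):
        ids.append(commit_id(tree_id(files), ids[-1:], f"commit {n}"))
    return ids

# Constructed sample history: three commits touching a build script.
ORIGINAL = [
    {"build.sh": b"#!/bin/sh\nant dist\n"},
    {"build.sh": b"#!/bin/sh\nant dist\n", "README": b"Freenet\n"},
    {"build.sh": b"#!/bin/sh\nant clean dist\n", "README": b"Freenet\n"},
]
# Same history, except the first commit's build script was altered afterwards.
TAMPERED = [dict(s) for s in ORIGINAL]
TAMPERED[0]["build.sh"] = b"#!/bin/sh\nant dist # altered\n"

def first_divergence(a: list, b: list) -> int:
    """Index of the first commit whose id differs, or -1 if identical."""
    return next((i for i, (x, y) in enumerate(zip(a, b)) if x != y), -1)

if __name__ == "__main__":
    good, bad = history_ids(ORIGINAL), history_ids(TAMPERED)
    print("signed tip :", good[-1])
    print("altered tip:", bad[-1])  # differs, so a signature over good[-1] fails
    print("first differing commit:", first_divergence(good, bad))
```

The last two snapshots are byte-for-byte identical in both histories, yet their commit ids differ because each commit hashes its parent's id.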