On Apr 5, 2010, at 3:45 PM, David Bainbridge wrote: >> Hence, Fossil has from the beginning supported the ability to PGP >> sign >> check-ins. The PGP signature is optional. If a check-in is signed, >> you know exactly who originally made that check-in. In situations >> where it matters, simply assume that an unsigned check-in is >> malicious >> and avoid using or it. >> >> Fossil could be enhanced, I suppose, to given a clear visual >> indication to those check-ins that are signed by trusted individuals, >> and those which are not. Or, it might give a warning prior to >> doing a >> new check-in or merge against an unsigned check-in. Things like >> that. It would not be hard to add these features as the underlying >> file format supports them. It is just that the need hasn't come up >> yet. >> >> D. Richard Hipp >> d...@hwaci.com >> > > So I take it that other DVCSs lack this signing feature.
I think git allows you to sign check-ins too, doesn't it? (Somebody with more Git experience, please set me straight.) I have no idea what the situation is with Hg or Bzr, though I would be surprised if they don't also have some kind of PGP interface. > This seems to be a strong differentiator in favor of Fossil, where > this is needed. > > I am currently looking at Git, Mercurial, Fossil, Bazaar from an > enterprise perspective and trying to draw my own conclusions on what > is needed to use one of these in an enterprise setting. There seems to > be so much rumor in this particular subject area so thanks for > something concrete! > > Regards > > David Bainbridge > _______________________________________________ > fossil-users mailing list > fossil-users@lists.fossil-scm.org > http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users D. Richard Hipp d...@hwaci.com _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users