On Wed, May 23, 2012 at 6:35 PM, Lluís Batlle i Rossell <vi...@viric.name> wrote:

> But what would you sign? The original tree? Comment updates? Tags? Dates?
> All until some point? What about later changes to the checkin?


This is possibly a very naive question (i know painfully little about
cryptography), but can a signature not simply be applied (non-invasively)
to any given artifact ID, and then be compared later to the current
contents of the referenced artifact? i.e. the signing being separate from
(but dependent on) the artifact table data? This implies that the contents
could still be tampered with, and could be used by the client, and that
tampering would/could be revealed if the keys associated with the artifact
are checked and fail to compare (logically an extra step, but i assume it
would/could be integrated into the checkout process).

:-?

-- 
----- stephan beal
http://wanderinghorse.net/home/stephan/
http://gplus.to/sgbeal
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
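
The check asked about in the message above, as an added example that is not part of the original message and is not Fossil's code: a detached signature is made over the artifact ID alone, and a checkout-time step recomputes the content hash and verifies the stored signature. The SHA-256 ID, the Ed25519 keys, the sample contents and all function names are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

var (
	ErrContentMismatch = errors.New("content does not hash to the signed artifact ID")
	ErrBadSignature    = errors.New("signature does not verify for this artifact ID")
)

// artifactID is a content-addressed ID (SHA-256 is this example's assumption).
func artifactID(content []byte) string {
	sum := sha256.Sum256(content)
	return hex.EncodeToString(sum[:])
}

// verifyCheckout is the extra checkout step: the content must still hash to
// the ID, and the separately stored signature must verify for that ID.
func verifyCheckout(pub ed25519.PublicKey, id string, content, sig []byte) error {
	if artifactID(content) != id {
		return ErrContentMismatch
	}
	if !ed25519.Verify(pub, []byte(id), sig) {
		return ErrBadSignature
	}
	return nil
}

// checkoutScenarios runs constructed cases: intact, tampered, tampered and re-registered.
func checkoutScenarios() (intact, tampered, reIDed error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		return err, err, err
	}
	content := []byte("constructed artifact content\n")
	id := artifactID(content)
	sig := ed25519.Sign(priv, []byte(id)) // detached: signs the ID, artifact untouched
	altered := []byte("constructed artifact content, altered\n")
	return verifyCheckout(pub, id, content, sig),
		verifyCheckout(pub, id, altered, sig),
		verifyCheckout(pub, artifactID(altered), altered, sig)
}

func main() { fmt.Println(checkoutScenarios()) }
```

The third case shows why the signature has to be bound to the ID: altered content stored under its own new ID hashes correctly, but the old signature no longer verifies for it.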