On 5/23/12, Lluís Batlle i Rossell <vi...@viric.name> wrote:
> But what would you sign? The original tree? Comment updates? Tags? Dates?
> All until some point? What on later changes to the checkin?

To answer your last question, you can only sign what exists at the
time of the signing.

In the simplest case, just sign the Manifest artifact. Each signature
would be a Control artifact with a Signature tag, a Signer tag and a
Signer-comment tag, both referring to the Manifest artifact (or maybe
Signer-comment references its containing artifact). The signature
would be on the Manifest artifact, the Signer, the signing date and
the signer comment. Any number of signatures could be applied to the
Manifest.

On top of that, could support signing one or more of the existing
signatures at the time of signing.

For simplicity, a signature Control Artifact would only contain a
single set of signing tags and refer to only a single Manifest and the
list of other signatures for the same Manifest that are being "over
signed". This way the entire target artifacts could be signed.

If we then want to include other tags, I would suggest that the
signing artifact include the tags (and their values) being signed.
This way, the signer can simply view the effective tag values,
optionally edit them, then submit the signature including the
"approved" tags and values.

Unfortunately, signing tags then creates 2 classes of tags and
associated complications. When fetching the contents of a commit, it
should be moderately easy to choose by querying on the signer, or
presence of a signature. However, Fossil propagates tags based on
most recent. Even simply selecting on most recently signed would
likely add a very significant amount of complexity.
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
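
A sketch of the signing scheme proposed in the message above, added here as an example; it is not part of the original post and not Fossil code. The field names, the SHA-256 artifact ids and the use of HMAC with demo keys in place of a real public-key signature are all assumptions made so the example runs with the standard library only.

```python
import hashlib
import hmac
import json

# Constructed sample data. Field names and layout are illustrative assumptions,
# not Fossil's artifact format; HMAC with demo keys stands in for a signature.
MANIFEST = b"C initial commit\nD 2012-05-23T10:00:00\nF README abc123\n"
KEYS = {"alice": b"alice-demo-key", "bob": b"bob-demo-key"}


def artifact_id(data):
    return hashlib.sha256(data).hexdigest()


def payload(manifest_id, signer, date, comment, oversigned):
    # Length-prefix each field so distinct tuples never serialize identically.
    fields = [manifest_id, signer, date, comment, *sorted(oversigned)]
    return b"".join(b"%d:%s" % (len(f.encode()), f.encode()) for f in fields)


def sign(manifest, signer, date, comment, oversigned=()):
    """Build a hypothetical signature control artifact for one manifest."""
    art = {"manifest": artifact_id(manifest), "signer": signer, "date": date,
           "comment": comment, "oversigned": sorted(oversigned)}
    body = payload(art["manifest"], signer, date, comment, art["oversigned"])
    art["signature"] = hmac.new(KEYS[signer], body, hashlib.sha256).hexdigest()
    return art


def sig_id(art):
    return artifact_id(json.dumps(art, sort_keys=True).encode())


def verify(art, manifest, known=()):
    """True if art signs this manifest and every over-signed signature is known."""
    key = KEYS.get(art["signer"])
    if key is None or art["manifest"] != artifact_id(manifest):
        return False
    body = payload(art["manifest"], art["signer"], art["date"],
                   art["comment"], art["oversigned"])
    good = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good, art["signature"]):
        return False
    # Over-signed signatures must exist and refer to the same manifest.
    same = {sig_id(k) for k in known if k["manifest"] == art["manifest"]}
    return all(o in same for o in art["oversigned"])


first = sign(MANIFEST, "alice", "2012-05-23", "reviewed")
second = sign(MANIFEST, "bob", "2012-05-24", "countersign", [sig_id(first)])
```

Because the signed payload covers the manifest id, signer, date, comment and the list of over-signed signatures, changing any of them after signing makes `verify` return False.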
