On Sat, May 26, 2012 at 11:30:01AM -0700, Gé Weijers wrote: > On Fri, May 25, 2012 at 10:59 AM, Ron Wilson <ronw.m...@gmail.com> wrote: > > On top of that, could support signing one or more of the existing > > signatures at the time of signing. > > When I sign a commit, it can mean multiple things: > 1) I wrote this (authentication) > 2) I approve this (authorization) > > In case 1, we have a one-to-one and immutable correspondence between > signature and commit artifact. This signature is the one used to pin > the blame on someone if you find a backdoor in the code :-( > > In case 2, there can be multiple signatures, some after the fact. > These could be used to keep track of code reviews and/or manager > approvals. > > Now If I'm signing your type 2 signature, what does that actually > mean? "I approve of you approving this"? Signing type 1 signatures is > just the 'authorization' type signature.
Well, you can always have different signers and multiple signatures. One for authentication, one for authorisation. _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users