On Sat, May 26, 2012 at 2:30 PM, Gé Weijers <g...@weijers.org> wrote:
> When I sign a commit, it can mean multiple things:
> 1) I wrote this (authentication)
> 2) I approve this (authorization)
>
> In case 1, we have a one-to-one and immutable correspondence between
> signature and commit artifact. This signature is the one used to pin
> the blame on someone if you find a backdoor in the code :-(
>
> In case 2, there can be multiple signatures, some after the fact.
> These could be used to keep track of code reviews and/or manager
> approvals.
>
> Now if I'm signing your type 2 signature, what does that actually
> mean? "I approve of you approving this"? Signing type 1 signatures is
> just the 'authorization' type signature.

Yes, it would be an additional level of approval. But that's a process
concern. Allowing signing of other signatures enables more types of
processes.
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
