> Those are pretty obvious. The third one is one I think people tend to
> overlook:
> 3. Signing and review.
Completely agreed. I actually think Arch 1 didn't go far enough in
this direction. It should be possible to do (from the command line)
something like:
tla changes -o foo
... check `foo', send it to someone else for review, sign, and commit ...
tla commit --someoption foo
The `commit' step could take place without even having to build
a local tree. Of course, there are some unsolved issues when time comes to
sanity check the patch in `commit', since the patch may have been corrupted
or tampered with in the mean time: it could add a second file with the same
ID, or add a patch to a non-existent file, or ...
But it's not clear whether tla really should protect against such things.
Accidental corruption is easy to catch with checksums, and if someone has
write-access to the archive, then committing a broken patch isn't
necessarily the worst scenario anyway.
Stefan
_______________________________________________
Gnu-arch-users mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/gnu-arch-users
GNU arch home page:
http://savannah.gnu.org/projects/gnu-arch/
