"Ronald G. Minnich" <[email protected]> writes: > On Thu, 17 Mar 2005, Stefan Reinauer wrote: > > > It is enough to use ssh. THOUGH: It is highly recommended that you sign > > the commits so that the origin can be verified. (ie otherwise I could in > > theory fake a commit done by you) > > to make sure I understand: if I have a gpgkey, then the commit process > will automagically ensure that it is signed, which is not the case for > sshkey?
These issues are orthogonal. The ssh key provides write access to the repository through sftp. By chance this is the easiest way to implement a shared archive. The gpg key (which is mandatory on a signed arch archive like [EMAIL PROTECTED]) allows people to check to see if it was really you who committed the change. So you just need the ssh key to talk to Stefan box at openbios.org Eric _______________________________________________ LinuxBIOS mailing list [email protected] http://www.openbios.org/mailman/listinfo/linuxbios
