On Apr 1, 2008, at 19:34 , Zack Weinberg wrote:
On Tue, Apr 1, 2008 at 1:24 PM, Jack Lloyd <[EMAIL PROTECTED]>
wrote:
Is this not possible? I had a feeling it wasn't, and the manual
suggests the same. Can add an alternative tag easily, of course, but
as soon as a tag escapes 'into the wild' it is out there forever,
yes?
Yes. More generally, we have no automated mechanism at present to
revoke or supersede any cert once it has been propagated.
As Bruce points out, it may be possible to request that everyone
manually delete the cert from their own repositories, but this is a
major nuisance for everyone (e.g. personally, this would involve
*finding* all the repositories I've got, on multiple computers).
And yes, this is something that is meant to be addressed within the
general "policy branches" umbrella. -- Part of why so many things are
bundled under that umbrella, by the way, is that they all may involve
a cert-reissuing flag day, and we try very hard to minimize the number
of those.
Even with policy branches, will that be possible? Tag certs, at the
moment, cannot be identified by anything else other than their
contents itself; i.e. they do not have an author nor date attached to
them. So, how can you ban a tag cert? Ban the name? Or in policy
branches, certs get an identifier (be author/date, or whatever) that
can later be used for these purposes?
_______________________________________________
Monotone-devel mailing list
Monotone-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/monotone-devel
