Lapo Luchini wrote:
> 1. GPG-sign your monotone public key: this way people that trust your
> GPG key know that they can trust your monotone signatures (if they trust
> monotone itself, that is)

You still need some way of being able to tell that the revision was
signed with the same key that was GPG signed. The keyid in monotone, as
is, does not tell you this. It is possible to have multiple keys with
the same keyid, possibly accidentally, or possibly a deliberate attempt
to breach security.

Brian May
_______________________________________________
Monotone-devel mailing list
Monotone-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/monotone-devel
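
The point raised in the reply above, as an added example that is not part of the original thread and is not monotone's code: a trust check keyed on the keyid alone accepts any key carrying that name, while a check against a fingerprint of the key material accepts only the key that was endorsed. The `PublicKey` and `Cert` types, the endorsement statement format and the key bytes are hypothetical and constructed, and verification of the GPG signature and of the revision signature is assumed to have happened already.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class PublicKey:
    keyid: str       # human-chosen name; nothing forces it to be unique
    material: bytes  # encoded public key (constructed placeholder bytes below)

    def fingerprint(self) -> str:
        # Digest of the key material itself, so a different key gives a different value.
        return hashlib.sha256(self.material).hexdigest()

@dataclass(frozen=True)
class Cert:
    revision: str
    signer: PublicKey  # key whose signature on the revision already verified (assumed)

def endorsement_text(key: PublicKey) -> str:
    # Hypothetical statement the owner would GPG-sign: names the keyid AND the fingerprint.
    return f"monotone-key {key.keyid} sha256:{key.fingerprint()}"

def parse_endorsement(text: str) -> tuple[str, str]:
    tag, keyid, digest = text.split(" ")
    algo, _, fp = digest.partition(":")
    if tag != "monotone-key" or algo != "sha256" or len(fp) != 64:
        raise ValueError("malformed endorsement")
    return keyid, fp

def trusted_by_keyid(cert: Cert, endorsed_keyids: set[str]) -> bool:
    # Weak check: any key carrying the endorsed keyid passes.
    return cert.signer.keyid in endorsed_keyids

def trusted_by_fingerprint(cert: Cert, endorsed: dict[str, str]) -> bool:
    # Strong check: the signing key must be the exact key that was endorsed.
    return endorsed.get(cert.signer.keyid) == cert.signer.fingerprint()

# Constructed sample data: two different keys that share one keyid.
OWNER = PublicKey("dev@example.org", b"constructed-public-key-A")
OTHER = PublicKey("dev@example.org", b"constructed-public-key-B")
ENDORSED = dict([parse_endorsement(endorsement_text(OWNER))])

if __name__ == "__main__":
    for key in (OWNER, OTHER):
        cert = Cert("constructed-revision-1", key)
        print(key.fingerprint()[:16], trusted_by_keyid(cert, {OWNER.keyid}),
              trusted_by_fingerprint(cert, ENDORSED))
```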