On Jul 13, 2010, at 09:56 PM, Éric Araujo wrote: >Note that nothing in Mercurial forces you to have a parsable >“Name <email>” user name, it’s just a good practice. Dirkjan’s mapping >uses a dummy to...@python.org address for unknown IDs, which probably >means the other tools he’s writing depend on an email address. That >would need to be in the dev policy.
Bazaar has a facility for digitally signing commits, which I always enable. While this is a local configuration, some projects I contribute to have merge hooks which check the digital signatures and refuse the push if the revisions are not signed with a known gpg key. Does Mercurial have a similar feature? If so, I would suggest that we enable that and require committers to use registered gpg keys to sign their commits. We'd always have a verifiable chain back to a responsible party, and committers would be responsible for any changes or patches they merge on behalf of others. IME the overhead is pretty trivial, but then I'm quite comfortable with gpg concepts and tools. -Barry
signature.asc
Description: PGP signature
_______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
