Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL

2008-10-21 Thread Stephen Leake
Stephen Leake <[EMAIL PROTECTED]> writes: > I think it would make sense to store the --keydir value in > _MTN/options, so the default keydir is per-workspace. I was apparently in another universe when I wrote that; --keydir _is_ stored in _MTN/options, if you specify it when you initially checkou

Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL

2008-10-21 Thread Daniel Carrera
Markus Wanner wrote: Daniel Carrera wrote: My position is that what the PGP web of trust provides is identification but not authorization and so it does not help Monotone. According to your own definition below, PGP only provides authentication, not identification. Hmm... The PGP web of trust v

Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL

2008-10-21 Thread Markus Wanner
Hi, Daniel Carrera wrote: > My position is that what the PGP web of trust provides is identification > but not authorization and so it does not help Monotone. According to your own definition below, PGP only provides authentication, not identification. I'm thinking of "identification" in broader te

Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL

2008-10-21 Thread Stephen Leake
Robert White <[EMAIL PROTECTED]> writes: >>That can be a one-time operation. Or, there's the possibility of using >>different keys with different names on the different machines. >> >> > That _can_ be a one time operation, but in my case it is a twice a day > operation. Can you explain why? I

Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL

2008-10-21 Thread Daniel Carrera
Richard Levitte wrote: I disagree with that notion. Why would visual identification not be identification? I usually recognise people whose face I've seen, I can identify them that way. Thus, a picture is an identity as much as a name is. Ah, but you have a database in your head that can mat

Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL

2008-10-21 Thread Richard Levitte
In message <[EMAIL PROTECTED]> on Tue, 21 Oct 2008 13:25:31 +0200, Daniel Carrera <[EMAIL PROTECTED]> said: daniel.carrera> Daniel Carrera wrote: daniel.carrera> > Now, on "identification": I think the following daniel.carrera> > might be a relevant example: Imagine an ID card that daniel.carrera

Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL

2008-10-21 Thread Daniel Carrera
Daniel Carrera wrote: Now, on "identification": I think the following might be a relevant example: Imagine an ID card that has a picture of you but no name. You and I might disagree on whether we would call this identification. But it might clear up confusion if I say that this is an example of

Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL

2008-10-21 Thread Daniel Carrera
Markus Wanner wrote: The last point is interesting, and it seems sensible to me. Hm.. I don't see how running our own PKI should be different. Our web-of-trust is just very simple (and maybe doesn't deserve the term "web"): every server allows certain keys commit access to certain branches, onl

Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL

2008-10-21 Thread Daniel Carrera
Richard Levitte wrote: *ahem* identification: Who do you claim to be? authentication: Can you provide evidence that you are who you claim to be? authorization: Are you allowed to do this? Cheers, Richard ( nit-picker ) Indeed, you are right - and not only about the nit-picker part :-) Schne

Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL

2008-10-21 Thread Markus Wanner
Hi, Daniel Carrera wrote: >> Was there a good reason why monotone didn't use GnuPG for signatures? >> I have a feeling it was related to speed or something. This question also caught my interest. > This is in the FAQ: Thanks for pointing this out. > The last point is interesting, and it seems

Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL

2008-10-21 Thread Richard Levitte
In message <[EMAIL PROTECTED]> on Tue, 21 Oct 2008 11:58:17 +0200, Daniel Carrera <[EMAIL PROTECTED]> said: daniel.carrera> The last point is interesting, and it seems sensible to me. It is the difference between identification and authentication. Something that Bruce Schneier talks about a lot

[Monotone-devel] Re: mtn & GPG signatures [Was: WARNING: ~/.monotone/keys CONSIDERED HARMFUL]

2008-10-21 Thread Lapo Luchini
Daniel Carrera wrote: > From the FAQ: > > In the rare case where you do know that the person whose passport says > "Jane Doe" is a hotshot coder who should definitely have commit access, > you can always ask her to just PGP-sign her email saying "my monotone > key's fingerprint is 70a0f283898a1881

Re: mtn & GPG signatures [Was: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL]

2008-10-21 Thread Daniel Carrera
Lapo Luchini wrote: But I said "sign your public key", not "sign your keyid" ;-) Signing the key material, not the name, as in: From the FAQ: In the rare case where you do know that the person whose passport says "Jane Doe" is a hotshot coder who should definitely have commit access, you ca

Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL

2008-10-21 Thread Daniel Carrera
Brian May wrote: Daniel Carrera wrote: I think that Ethan's idea has a lot of merit. Btw, PGP allows a user to have multiple keys associated with the same name and email. To help the user distinguish between keys. If you list them, they look like this: Daniel Carrera (Personal) <[EMAIL PROTEC

mtn & GPG signatures [Was: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL]

2008-10-21 Thread Lapo Luchini
Brian May wrote: > Lapo Luchini wrote: >> 1. GPG-sign your monotone public key: this way people that trust your >> GPG key know that they can trust your monotone signatures (if they trust >> monotone itself, that is) >> > You still need some way of being able to tell that the revision was > sign

Re: [Monotone-devel] Re: WARNING: ~/.monotone/keys CONSIDERED HARMFUL

2008-10-21 Thread Markus Wanner
Hi, Brian May wrote: > You need to use email addresses in order to answer the question "Who > signed this revision?" Huh? No, your key id can be pretty much any string you want it to be. Monotone certainly doesn't bind that to email addresses exclusively. It's just common practice. > I could ima

Re: [Monotone-devel] Summit thoughts - and changes?

2008-10-21 Thread Markus Wanner
Hi, Matthew A. Nicholson wrote: > I think this is a great idea. Why don't we set a date for the next > virtual summit. Perhaps the first full weekend in December (the > 5th-7th)? Or is that too close to Thanksgiving (US) or Christmas? Good idea. However, chances to get a complete weekend every