Brian May wrote:
Markus Wanner wrote:
Huh? How should that be possible? Isn't it sufficient exchanging known
public keys during netsync?
Only if you trust the database you are syncing from. Especially for
the initial sync from an exmpty database.
Err. I got distracted as I was double checki
Markus Wanner wrote:
Huh? How should that be possible? Isn't it sufficient exchanging known
public keys during netsync?
Only if you trust the database you are syncing from. Especially for the
initial sync from an exmpty database.
Brian May
___
M
Hi,
Brian May wrote:
> You need to use email addresses in order to answer the question "Who
> signed this revision?"
Huh? No, your key id can be pretty much any string you want it to be.
Monotone certainly doesn't bind that to email addresses exclusively.
It's just common practice.
> I could ima
Lapo Luchini wrote:
1. GPG-sign your monotone public key: this way people that trust your
GPG key know that they can trust your monotone signatures (if they trust
monotone itself, that is)
You still need some way of being able to tell that the revision was
signed with the same key that was GP
Lapo Luchini wrote:
OK, using (the same) e-mail addresses in different keys may pose
additional hurdles, but why using e-mail addresses in the first place?
You need to use email addresses in order to answer the question "Who
signed this revision?"
Unfortunately, what we have is a poor solut
Marcin W. DÄ…browski wrote:
> Would it be ever possible to have an option to use external
> tools for signing certs? I.e. GnuPG signatures?
Not right now (and it's not planned, AFAIK), but you can do of course
things that pretty much guarantee the same thing:
1. GPG-sign your monotone public key:
Robert White wrote:
> Howdy all,
>
> I don't know who decided that .monotone/keys was a good idea but it is
> a DISASTER for me.
>
> For various reasons It is desirable to use the same real world
> identity, q.v. [EMAIL PROTECTED], in several different databases with
> different keys behind them