[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] Re: Using monotone in a team

From: Brian May
Subject: Re: [Monotone-devel] Re: Using monotone in a team
Date: Thu, 30 Nov 2006 17:06:50 +1100
User-agent: Gnus/5.110006 (No Gnus v0.6) XEmacs/21.4.19 (linux)

>>>>> "Daniel" == Daniel Carosone <address@hidden> writes:

    Daniel> Again, it's not about permissions to change things, it's
    Daniel> about whether your trust (ie, how you pay attention to)
    Daniel> what they do.

    Daniel> In this context, this means that everyone accepts changes
    Daniel> in the junior branch from junior and denior developers,
    Daniel> and in the main branch only from the senior developers.
    Daniel> More specifically, that I only trust main-branch certs
    Daniel> signed by senior developers.

    Daniel> From time to time, a senior developer looks at revs in the
    Daniel> junior branch.

What happens if a trusted developer's key becomes compromised
(e.g. laptop stolen) or the developer becomes untrustworthy
(e.g. fired)?

Can you somehow say that old signatures are still valid, but new ones

Hmm. Need to think about this more.

Having every certificate contain a time and date stamp would be a good
start - but then you have to trust the computer clock that creates
every signature.
Brian May <address@hidden>

reply via email to

[Prev in Thread] Current Thread [Next in Thread]