
Re: [Monotone-devel] Re: Using monotone in a team


From: Timothy Brownawell
Subject: Re: [Monotone-devel] Re: Using monotone in a team
Date: Thu, 30 Nov 2006 00:24:27 -0600

On Thu, 2006-11-30 at 17:06 +1100, Brian May wrote:
> >>>>> "Daniel" == Daniel Carosone <address@hidden> writes:
> 
>     Daniel> Again, it's not about permissions to change things, it's
>     Daniel> about whether you trust (ie, how you pay attention to)
>     Daniel> what they do.
> 
>     Daniel> In this context, this means that everyone accepts changes
>     Daniel> in the junior branch from junior and senior developers,
>     Daniel> and in the main branch only from the senior developers.
>     Daniel> More specifically, that I only trust main-branch certs
>     Daniel> signed by senior developers.
> 
>     Daniel> From time to time, a senior developer looks at revs in the
>     Daniel> junior branch.
> 
> What happens if a trusted developer's key becomes compromised
> (e.g. laptop stolen) or the developer becomes untrustworthy
> (e.g. fired)?
> 
> Can you somehow say that old signatures are still valid, but new ones
> aren't?

Define "new" (monotone has no concept of time).

The only way we really have is to take some other key (quite possibly
specially generated for this, and then never used again), and reproduce
all the certs that you do want to trust. (Well, you *could* give the
trust hooks a list of all the known-good certs, but that gets really
ridiculous really fast.)

> Hmm. Need to think about this more.
> 
> Having every certificate contain a time and date stamp would be a good
> start - but then you have to trust the computer clock that creates
> every signature.

Which has historically been enough for us to discard this idea as
unworkable.

-- 
Timothy

Free (experimental) public monotone hosting: http://mtn-host.prjek.net
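
The two options from the reply above (re-issuing wanted certs under a fresh key, or listing known-good certs in the trust hooks), sketched as a monotone trust hook. This is an added example, not part of the original message or of monotone's own code. It assumes the `get_revision_cert_trust(signers, id, name, val)` hook with `signers` passed as a list of key names; every key name, the revision id and the branch name are constructed placeholders.

```lua
-- Key that signed good certs in the past but can no longer be trusted
-- (stolen laptop, departed developer). Placeholder name.
local revoked_key = "alice@example.com"

-- Keys trusted without restriction. "resign-2006@example.com" stands for
-- the one-off key used to re-issue the certs worth keeping.
local trusted_keys = {
   ["bob@example.com"] = true,
   ["resign-2006@example.com"] = true,
}

-- Alternative to re-signing: certs from the revoked key that were reviewed
-- and are still accepted. Each entry pins revision id, cert name and cert
-- value together, so the list grows with every cert to be kept.
local known_good = {
   ["0000000000000000000000000000000000000001"] = {
      { name = "branch", val = "com.example.main" },
   },
}

-- True only if this exact (id, name, val) triple is on the reviewed list.
local function is_known_good(id, name, val)
   local certs = known_good[id]
   if certs == nil then
      return false
   end
   for _, cert in ipairs(certs) do
      if cert.name == name and cert.val == val then
         return true
      end
   end
   return false
end

-- Called once per distinct cert; signers lists the keys that signed it.
function get_revision_cert_trust(signers, id, name, val)
   for _, signer in ipairs(signers) do
      if trusted_keys[signer] then
         return true
      end
      -- The revoked key counts only for certs pinned above; anything
      -- else it signs, whenever it was signed, is ignored.
      if signer == revoked_key and is_known_good(id, name, val) then
         return true
      end
   end
   return false
end
```

Because certs carry no trustworthy notion of time, the hook cannot separate "old" from "new" signatures by the revoked key; it can only separate reviewed certs from everything else.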




