steffen.sprung wrote:
> We must control:
> -> the source-code which the user would like to use
> -> and the source-code which is in the database
>
> If wee generate a 'Signature' of a Souce.File (we can use
> PGP+CommandLine), these allow us to verify their authenticity, their
> origin, but equally to assure itself that the Souce.File is intact
> (control of the integrity).
I believe the integrity of the files is already verified by subversion
using MD5 checksums. I am not absolutely sure on this - can someone help
me out here?
As for authenticity, don't you trust the security features of Apache or
SSL to prevent unauthorized persons committing to your repository? How
else would a bogus file get there?
> * The 'Signature' of a Souce.File must be generate of the Client side,
> because the Private-Key's are local !
You have asked for Commit and Checkout hooks. What about Update, Switch,
Import, Export, etc?
> => The attached picture demonstrates our idea.
You have just sent me a 1.8MB uncompressed bmp file. Don't do that
again. If you must send pictures, please use gif, jpg or png if you hope
to get any answers from this list.
If I am translating correctly from French, you show merging taking place
on the server. That does not happen in subversion. Merging is a client
side operation.
Everything I have seen so far suggests that you have not really
understood how subversion works. I think you need to find out a lot more
before you start asking for new features.
Simon
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Fri Nov 5 18:05:03 2004