On Wed 2003-01-15 at 04:17:10 +0200, Jani Averbach wrote:
[...]
> How about if we have PKI-signed commit feature in svn?
>
> It would work some way like that:
>
> We have a group developers who have their PKI-keys (pub,sec), and every
> commits are signed with these keys. Now read-only user (like me, sorry),
> will need pub-keys of those developers. I think that is not big issue, for
> examble I already has few of yours key (from apache project and so on).
>
> With this arrangement authenticity of repository will be known at any
> given moment. And every checkout will be checked against those keys. (This
> is of course optional.)
Sorry, if I am ignorant, but for the client to verify the check-ins,
the client would have to retrieve all changes seperately, which is not
the case for subversion. If you request an update which involves 1000
revisions, the server constructs an "patch" containing exactly these
and only send this, which can save a lot of traffic.
I guess your suggestion works better with a purely changeset based
version control.
Benjamin.
- application/pgp-signature attachment: stored
Received on Thu Jan 16 01:15:08 2003