You could sign each revision with the PGP key of the commiter. i.e.
compute the checksum of the diff ( with MD5 or whatever ), and sign it.
Could even be stored on the SVN server itself. If the server is
compromised, they still can't fake a correct signature.
Problem though is how to reconstruct the checksum of the changes locally
when you do svn update ?
TTimo
On Thu, 6 Nov 2003 15:21:57 +0100
"SteveKing" <steveking@gmx.ch> wrote:
> Hi,
>
> Just came to read this:
> http://kerneltrap.org/node/view/1584
> and it made me think. Could this happen
> with subversion too?
>
> If you read the posts below the news
> Andreas Dilgers wonders if it's possible
> to add GPG signatures to BK - I'm
> wondering now if this could be done
> with subversion?
>
> Stefan
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Nov 6 15:32:54 2003