[Cabal] Monotone keys

Ethan Blanton elb at psg.com
Sun Jan 21 21:06:59 EST 2007


Evan Schoenberg spake unto us the following wisdom:
> On Jan 21, 2007, at 8:50 PM, Sean Egan wrote:
>
> But shouldn't my trust settings prevent an update from bringing those  
> revisions into use, since your cert isn't trusted?  Or is the default  
> to trust everyone and we should all be making changes such that we  
> trust developers and nobody else in im.pidgin.pidgin?  (http:// 
> venge.net/monotone/wiki/TrustFoundations seems to indicate that such  
> a change needs to be made locally for each client).

We currently have no trust policy in place, so we trust every revision
on the server.  This is OK for now.  We can talk about more
complicated trust policies if we need them, but hopefully by that time
policy branches (complicated, we can discuss that later, too) will
have landed on monotone.  I really don't think this will be a problem
until, for example, we want to allow semi-trusted or untrusted parties
(say, packagers or third party plugin developers) to commit directly
to the pidgin.im monotone database, and then bless their changes in by
hand.  Right now, this is solved by requiring that a developer pull
their changes from wherever and then push them to the server
(effectively blessing them in the process).

Ethan

-- 
The laws that forbid the carrying of arms are laws [that have no remedy
for evils].  They disarm only those who are neither inclined nor
determined to commit crimes.
		-- Cesare Beccaria, "On Crimes and Punishments", 1764
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://pidgin.im/cgi-bin/mailman/private/cabal/attachments/20070121/2b99cf2d/attachment.pgp 


More information about the Cabal mailing list