On Jul 13, 2010, at 09:56 PM, Éric Araujo wrote: >Note that nothing in Mercurial forces you to have a parsable >“Name <email>” user name, it’s just a good practice. Dirkjan’s mapping >uses a dummy tools at python.org address for unknown IDs, which probably >means the other tools he’s writing depend on an email address. That >would need to be in the dev policy. Bazaar has a facility for digitally signing commits, which I always enable. While this is a local configuration, some projects I contribute to have merge hooks which check the digital signatures and refuse the push if the revisions are not signed with a known gpg key. Does Mercurial have a similar feature? If so, I would suggest that we enable that and require committers to use registered gpg keys to sign their commits. We'd always have a verifiable chain back to a responsible party, and committers would be responsible for any changes or patches they merge on behalf of others. IME the overhead is pretty trivial, but then I'm quite comfortable with gpg concepts and tools. -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: not available URL: <http://mail.python.org/pipermail/python-dev/attachments/20100713/a8109dc7/attachment.pgp>
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4