|
| From: | graydon hoare |
| Subject: | [Monotone-devel] Re: Signature from <address@hidden> |
| Date: | Tue, 16 Dec 2003 09:36:20 -0500 |
| User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031115 Thunderbird/0.3 |
Peter Simons wrote:
Is this key available for download somewhere? Should I accept those packets, or should I stick to those patches signed by <address@hidden> and <address@hidden>, as the web site tells me?
yeah, the key is available here: http://www.tastensuppe.de/~oxygene/mtdata.txtbut, in general, you don't need to worry. I issued a cert attesting to the same edge oxygene did (it's a change I fetched from his depot -- some fixes for solaris) and so your client doesn't need to trust him. the warning is just a warning that you *might* be missing part of the graph. in any case, it's harmless to keep extra packets around you don't trust; you won't act on them unless you've indicated trust.
currently trust is indicated by presence-of-a-key in your database, but as I mentionned in a previous message, there'll be a change to the UI for this in the 0.9->0.10 cycle, to do trust evaluation on hook+fingerprint rather than key presence. after that we will have monotone become much more promiscuous about publishing and receiving keys. in particular, it'll post all keys it knows to a depot, so such warnings should become rare.
*sigh* I wish there weren't so many UI issues I wanted to address concurrently with the i18n and storage system changes, but there's only so much time. I'm going to have to keep holding on some of these things for now, unfortunately. (patches welcome)
-graydon
| [Prev in Thread] | Current Thread | [Next in Thread] |