[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] Dealing with lost key
From: |
Brian May |
Subject: |
Re: [Monotone-devel] Dealing with lost key |
Date: |
Sun, 18 Jan 2009 20:12:38 +1100 |
User-agent: |
Thunderbird 2.0.0.19 (X11/20090105) |
dlakelan wrote:
> Person A has been contributing to a project that Person B is
> participating in. Person A trusts person B's key. Person B begins to
> write code that Person A does not approve of (say it has some hidden
> functionality, backdoors, etc). person A wants to invalidate person
> B's keys for all future contributions, but retain the work that was
> done by person B before. Person A also wants to communicate to other
> members of the collaboration that he does not trust person B, and that
> he has reviewed person B's code and only approves of some of the
> changes...
I would simplify this to a even more common problem:
Person A, after numerous contributions to the project discovers is
laptop computer has been stolen, and as such cannot be sure the security
of his private key is still intact.
He wants to be able to indicate to the project at large that all
existing revisions are Ok, but future revisions are not.
How does monotone tell which are the old revisions and which are the new
ones? Note: You cannot trust the time saved in certificates, it is
trivial to update the system clock to an earlier date and commit changes.
Maybe just mark the key as bad and require somebody manually resign all
good code with a good key?
Brian May
- [Monotone-devel] Dealing with lost key, dlakelan, 2009/01/15
- Re: [Monotone-devel] Dealing with lost key, Timothy Brownawell, 2009/01/17
- Re: [Monotone-devel] Dealing with lost key, dlakelan, 2009/01/17
- Re: [Monotone-devel] Dealing with lost key, Timothy Brownawell, 2009/01/17
- Re: [Monotone-devel] Dealing with lost key, dlakelan, 2009/01/17
- Re: [Monotone-devel] Dealing with lost key,
Brian May <=
- Re: [Monotone-devel] Dealing with lost key, Ethan Blanton, 2009/01/18
- Re: [Monotone-devel] Dealing with lost key, dlakelan, 2009/01/21
- Re: [Monotone-devel] Dealing with lost key, Ethan Blanton, 2009/01/22