[pydotorg-www] project plan

Dirkjan Ochtman dirkjan at ochtman.nl
Tue Apr 20 16:29:03 CEST 2010


On Tue, Apr 20, 2010 at 16:16, Barry Warsaw <barry at python.org> wrote:
> I don't know whether Mercurial has the same feature that Bazaar has, where
> each revision can be signed, locally, on commit.  I always enable that for

There is an extension to help sign revisions on each commit, certainly.

> everything I do.  I also don't know whether that can be enforced (e.g. ensure
> on the server that on push, every revision is signed by a known gpg key).
> That may not prevent corruption after a break-in, but it would make
> post-attack analysis much easier.

Enforcing something in a hook wouldn't be very hard.

Cheers,

Dirkjan


More information about the pydotorg-www mailing list