[Kde-scm-interest] Distributed model VS accountability

[Robert Wohlrab]

> The pusher, or the committer?
I think he means we dont know who commited the actual code.

> If the former, why does that matter?  Its not his code. If the latter,
> does git allow you to (pgp) sign a commit?
Only tags.

> Anyway; the rest of the mail reads like haskell to me ;)
> Would be nice if you can give a usecase (step by step and all) and the
> problem you see.
Let's do a "git-config user.name \"Aaron Seigo\"" and a "git-config user.email 
\"aseigo at olympusproject.org\"" and now do some commits with some nice, hidden 
security holes in it. Now change your name and mail back, do some nice double 
checked commits and push it to the official server (or let somebody else 
fetch).
Some months later, slashdot will have a news about "kde allows everyone to get 
root access and aaron seigo was it".

Now let the discussion begin.
-- 
Robert Wohlrab